@atharv02-git atharv02-git commented Mar 22, 2025

Description

This pull request documents the collaboration agreement between OnTrack and HardHat's AppAttack team, outlining the testing scope, responsibilities, and timeline. In addition to the agreement, this PR also includes:

  • Upload of 11 vulnerability reports as part of Stage 1 findings from AppAttack.
  • Addition of the End of Trimester Report as a final deliverable from the AppAttack team also mentioning.

Summary of Resolved Vulnerabilities

The following vulnerabilities were assessed and resolved as part of this collaboration. Future contributors should refer to the Guidance for Future Security Contributors to avoid duplicate fixes.

Vulnerability Name                                                        Impact Level
------------------------------------------------------------------------  ------------
Clickjacking                                                              Severe
Insecure Direct Object Reference (IDOR)                                   Major
Malicious Code Execution                                                  Major
Exposed JavaScript Source Maps (False Positive)                           Major
Session Hijacking and Fixation                                            Significant
Token Exposure via Local Storage and HTTP Headers (False Positive)        Significant
Misconfigured CORS (False Positive)                                       Significant

Type of Change

  • Documentation (update or new)

How Has This Been Tested?

  1. All markdown and PDF files were reviewed locally via VS Code to ensure correct file structure.
  2. Verified that:
    • All linked reports are accessible within the docs directory structure.
    • Index pages correctly reference and organize the uploaded reports.

Testing Checklist

  • Tested in latest Chrome (for live preview rendering, if needed)
  • Tested in latest Safari
  • Tested in latest Firefox

Checklist

  • My code follows the style guidelines of this project
  • I have made corresponding changes to the documentation
  • All PDF files are named consistently and organized in logical folders
  • I have requested a review from @aNebula on the Pull Request

Adds collaboration agreement outlining testing scope, responsibilities, and timelines between OnTrack and HardHat's AppAttack team.

netlify bot commented Mar 22, 2025

Deploy Preview for ontrackdocumentation failed.

Name               Link
-----------------  ------------------------------------------------------------------------------------------
Latest commit      be4e56a
Latest deploy log  https://app.netlify.com/projects/ontrackdocumentation/deploys/68538510717bf20008152c8f

@atharv02-git atharv02-git changed the title docs: AppAttack x OnTrack testing agreement docs: AppAttackxOnTrack testing Contract, Vulnerability Reports and End of Trimester Final Report May 18, 2025
…dea of what fixes have been made to avoid duplication and rework
…dea of what fixes have been made to avoid duplication and rework for Clickjacking Vulnerability
…dea of what fixes have been made to avoid duplication and rework

@aNebula aNebula left a comment


@atharv02-git Please resolve the conflict

@atharv02-git (Author)

@atharv02-git Please resolve the conflict

Hey @aNebula ! I’ve resolved the conflicts and pushed the updates. Could you please re-approve the PR and approve the pending Netlify workflow? It’s being blocked for deploy preview and final merge.
