OWASP @GSOC - Lambda Space · Caveats many students fall in • Poor/No communication with...
OWASP @GSOC
echo $OWASP
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
echo $USER
• Hacker
• Loves Macs
• Knows how to cook
• Can be bribed with IPA + singlemalt
According to “close friend” & co-worker:
echo $USER
• Penetration Tester
• Hacker (Mindset ?!)
• Involved in OWASP
– Student Chapter Leader
– Student Chapters Project Leader
• Knows how Likes to cook
• Looking for Unicorns
• Can be bribed with IPA + singlemalt
@GSoC
• Participating since 2012
• 88 submissions last year
• This year
– 11 Projects, both new and established
– 30 proposed ideas
Juice Shop
• Challenge Pack 2017
• Tech Stack Update
• Your idea
Mobile Hacking Playground
• Android Code Samples
• Mobile Crackmes and De-Obfuscation Guides
OWASP ZAP
• Field Enumeration
• Scripting Code Completion
• SSRF Detector Integration
• Zest Text Representation and Parser
• Support Java as a Scripting Language
• Bamboo Support
• Backslash Powered Scanner
• Your Idea
BLT / Bugheist
• Your idea/open
Security Knowledge Framework
• Function examples
• Update existing code examples
• Update knowledge items
• CWE references to existing knowledgebase items
• Verification testing guides
OWASP ZSC
• New obfuscation modules
• New shellcodes for OSX and Windows
Seraphimdroid mobile security project
• Behavioral malware and intrusion analysis
• Framework for plugin development
DefectDojo
• Your idea/open
AppSensor
• Machine Learning Driven Web Server Log Analysis
• Your Idea
OWTF
• MiTM proxy interception and replay capabilities
• Report enhancements
• Distributed architecture
• Off-line HTTP traffic uploader
Hackademic Challenges
• New CMS
• Course Type Challenges
Participation Instructions
• Choose a good idea
• Contact the mentors/community
• Get familiar with the project
• Research the idea
• Write a very good proposal
Criteria
Selection depends primarily on the mentors and community.
It's crucial to communicate with them to find out what they expect from the project, the proposal and the candidates.
Tips
• Projects are on GitHub; check their open tickets
• Communicate with the community early
• Commits fixing small things are very welcome
• Commits adding documentation are definitely welcome!
Proposal writing
Depends on the project so communicate early to find out what they want. For Hackademic:
• Keep it concise
• One page for your CV
• 1 paragraph motivation/introduction
• Add links to project specific code you may have
• Detail what you want to do
• List how you will do it
– Small technical design explaining functionality (e.g. routes list)
– Technology stack if applicable
• Add a timeline in the end, what you plan on doing every week.
Caveats many students fall in
• Poor/No communication with mentors/community
• Lack of familiarity with the project
• Last day submissions (in case of feedback you can't fix your proposal)
• Underestimating the work required (expected)
• Not communicating prior engagements early (you have to take a week off for something? Cool, say so)
Generally, GSoC is a tough internship; you should treat it as such.
Links
OWASP GSoC 2017 Ideas page https://www.owasp.org/index.php/GSOC2017_Ideas#Challenge_Pack_2017
Student guidelines https://www.owasp.org/index.php/GSOC_2017_for_Students
Questions?