Wiki Spaces
Documentation
Projects
Resources
Get Help from Others
Q&A: Ask OpenMRS
Discussion: OpenMRS Talk
Real-Time: IRC Chat | Slack
Primary mentor | |
Backup mentor | |
Assigned to | NA |
Late last year, OpenMRS began collaborating with researchers from North Carolina State University (NCSU) to better secure the OpenMRS Reference Application. NCSU researchers, using cutting-edge security assessment techniques, have identified almost 300 distinct security issues. Many of those issues are relatively low-complexity, requiring one-line patches. This is a great opportunity for students who are interested in software security to get first-hand experience in the field.
Skills Recommended
1) Understand XSS vulnerabilities
2) Review some recent fix examples
For security reasons we can't publicly release the full NCSU report; however, you can check out these PRs for recent examples of the kinds of bugs that are being patched (and the kind of work the patches in this GSOC project entail):
Once you are accepted into the project, you will be added to the security team and a more detailed backlog of issues will be shared with you.
A successful proposal
A successful proposal could include a general approach to patching XSS vulnerabilities based on the examples above.