Late last year, OpenMRS began collaborating with researchers from North Carolina State University (NCSU) to better secure the OpenMRS Reference Application. NCSU researchers, using cutting-edge security assessment techniques, have identified almost 300 distinct security issues. Many of those issues are relatively low-complexity, requiring one-line patches. This is a great opportunity for students who are interested in software security to get first-hand experience in the field.
- Experience with .jsp and/or .gsp frontend templating languages
- Basic knowledge of common web application security vulnerabilities
to Look Through While Preparing Your Proposal
1) Understand XSS vulnerabilities
- https://owasp.org/www-community/attacks/xss/ - Description of XSS vulnerabilities
2) Review some recent fix examples
For security reasons we can't publicly release the full NCSU report; however, you can check out these PRs for recent examples of the kinds of bugs that are being patched (and the kind of work the patches in this GSOC project entail):
- https://github.com/openmrs/openmrs-module-legacyuireporting/pull/140207 - Example of a PR patching one of the vulnerabilities identified in the report
- https://github.com/openmrs/openmrs-module-reportingprovidermanagement/pull/207 - Example of a PR patching one of the vulnerabilities identified in the report
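To make concrete what a "one-line patch" for a reflected XSS in a .jsp template looks like, here is an added example. It is not taken from the NCSU report or from either PR above, and the page, the request parameter `q` and the element names are hypothetical; only the JSTL tags and functions are real.

```jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Hypothetical search-results page; the parameter name "q" is an assumption, not from the report. --%>

<%-- BEFORE: reflected XSS. ${param.q} is written into the page verbatim, so a request with
     q=<script>alert(document.cookie)</script> runs that script in the viewer's browser. --%>
<h2>Results for: ${param.q}</h2>

<%-- AFTER (the one-line patch): <c:out> escapes <, >, &, ' and " by default (escapeXml="true"),
     so the same input is rendered as text instead of markup. --%>
<h2>Results for: <c:out value="${param.q}"/></h2>

<%-- The same fix inside an attribute, where a tag cannot be nested, uses fn:escapeXml.
     The attribute must stay quoted: escapeXml does not touch spaces, so in an unquoted attribute
     q=x onmouseover=alert(1) would still add an event handler. --%>
<input type="text" name="q" value="${fn:escapeXml(param.q)}"/>

<%-- A <script> block is a different context: HTML escaping does not stop a value from closing a
     JavaScript string. Instead of interpolating into the script, put the value in an escaped
     attribute and read it from the DOM; the browser decodes the entities when reading it back. --%>
<div id="search" data-query="${fn:escapeXml(param.q)}"></div>
<script>
  var q = document.getElementById('search').getAttribute('data-query');
</script>
```

The check a reviewer applies to each patched line is "which context is this value landing in" (HTML body, quoted attribute, JavaScript string, URL), because the correct escaping differs per context and the JSTL functions only cover the first two. For the .gsp pages in the UI Framework the same discipline applies through the escaping helpers on the `ui` object; confirm the exact method names in that module's `UiUtils` class rather than assuming them from this example.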
Once you are accepted into the project, you will be ...
A successful proposal could include...