OWASP @GSOC
Echo $OWASP
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
echo $USER
According to “close friend” & co-worker:
• Hacker
• Loves Macs
• Knows how to cook
• Can be bribed with IPA + single malt
echo $USER
• Penetration Tester
• Hacker (Mindset ?!)
• Involved in OWASP
– Student Chapter Leader
– Student Chapters Project Leader
• ~~Knows how~~ Likes to cook
• Looking for Unicorns
• Can be bribed with IPA + single malt
@GSoC
• Participating since 2012
• 88 submissions last year
• This year
– 11 Projects, both new and established
– 30 proposed ideas
Juice Shop
• Challenge Pack 2017
• Tech Stack Update
• Your idea
Mobile Hacking Playground
• Android Code Samples
• Mobile Crackmes and De-Obfuscation Guides
OWASP ZAP
• Field Enumeration
• Scripting Code Completion
• SSRF Detector Integration
• Zest Text Representation and Parser
• Support Java as a Scripting Language
• Bamboo Support
• Backslash Powered Scanner
• Your Idea
BLT / Bugheist
• Your idea/open
Security Knowledge Framework
• Function examples
• Update existing code examples
• Update knowledge items
• CWE references to existing knowledge base items
• Verification testing guides
OWASP ZSC
• New obfuscation modules
• New shellcodes for OSX and Windows
SeraphimDroid Mobile Security Project
• Behavioral malware and intrusion analysis
• Framework for plugin development
DefectDojo
• Your idea/open
AppSensor
• Machine Learning Driven Web Server Log Analysis
• Your Idea
OWTF
• MiTM proxy interception and replay capabilities
• Report enhancements
• Distributed architecture
• Off-line HTTP traffic uploader
Hackademic Challenges
• New CMS
• Course Type Challenges
Participation Instructions
• Choose a good idea
• Contact the mentors/community
• Get familiar with the project
• Research the idea
• Write a very good proposal
Criteria
Selection depends primarily on the mentors and community.
It's crucial to communicate with them to find out what they expect from the project, the proposal and the candidates.
Tips
• Projects are on GitHub; check their open tickets
• Communicate with the community early
• Commits fixing small things are very welcome
• Commits adding documentation are definitely welcome!
Proposal writing
This depends on the project, so communicate early to find out what they want. For Hackademic:
• Keep it concise
• One page for your CV
• 1 paragraph motivation/introduction
• Add links to project specific code you may have
• Detail what you want to do
• List how you will do it
– Small technical design explaining functionality (e.g. routes list)
– Technology stack if applicable
• Add a timeline in the end, what you plan on doing every week.
Caveats many students fall in
• Poor/No communication with mentors/community
• Lack of familiarity with the project
• Last day submissions (in case of feedback you can't fix your proposal)
• Underestimating the work required (expected)
• Not communicating prior engagements early (you have to take a week off for something? Cool, say so)
Generally, GSoC is a tough internship; you should treat it as such.
Links
OWASP GSoC 2017 Ideas page https://www.owasp.org/index.php/GSOC2017_Ideas#Challenge_Pack_2017
Student guidelines https://www.owasp.org/index.php/GSOC_2017_for_Students
Questions?