Difference between revisions of "FLOSSHack One"

From OWASP
Jump to: navigation, search
m
Line 3: Line 3:
  
 
=== Getting Started ===
 
=== Getting Started ===
The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed.  You can obtain this [http://c385457.r57.cf1.rackcdn.com/Ushahidi_VM.tar.gz here].  The version of the source code for audit is the latest commit on the [https://github.com/ushahidi/Ushahidi_Web/tree/master master branch].  This can be obtained with:
+
The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed.  You can obtain this [http://c385457.r57.cf1.rackcdn.com/Ushahidi_VM.tar.gz here] (the [https://github.com/ushahidi/virtual-machines online README]).   
 +
 
 +
If you want to check out the code separately from the VM, the version of the source code for audit is the latest commit on the [https://github.com/ushahidi/Ushahidi_Web/tree/master master branch].  This can be obtained with:
 
   git clone -b master git://github.com/ushahidi/Ushahidi_Web.git
 
   git clone -b master git://github.com/ushahidi/Ushahidi_Web.git
  

Revision as of 14:47, 25 June 2012

The first FLOSSHack workshop will be held on July 1st, 2012 from noon to 4pm at Free Geek. The workshop's target will be the Ushahidi platform. An overview of the FLOSSHack workflow can be found on the "FLOSSHack for Participants" page. The primary organizers for this event are Timothy D. Morgan and Wil Clouser.


Getting Started

The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed. You can obtain this here (the online README).

If you want to check out the code separately from the VM, the version of the source code for audit is the latest commit on the master branch. This can be obtained with:

 git clone -b master git://github.com/ushahidi/Ushahidi_Web.git

Competition Notes

You are welcome to start looking for vulnerabilities right now. If you do find any vulnerabilities in the application prior to the workshop, please email them to tim . morgan |at| owasp . org. That way you get credit for them if you're the first to find a given flaw. At the end of the workshop, there will be prizes for both finding the "best" vulnerability and for finding the most vulnerabilities. Also, be sure to keep any flaws you find under wraps so that way Ushahidi has some time to correct everything before they are made public.


Ideas for Attacks

TODO

Good luck and happy hunting!