The first FLOSSHack workshop will be held on July 1st, 2012 from noon to 4pm at Free Geek. The workshop's target will be the Ushahidi platform. An overview of the FLOSSHack workflow can be found on the "FLOSSHack for Participants" page. The primary organizers for this event are Timothy D. Morgan and Wil Clouser.
The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed. You can obtain this here. The version of the source code for audit is the latest commit on the master branch. This can be obtained with:
git clone -b master git://github.com/ushahidi/Ushahidi_Web.git
You are welcome to start looking for vulnerabilities right now. If you do find any vulnerabilities in the application prior to the workshop, please email them to
tim . morgan |at|
owasp . org. That way you get credit for them if you're the first to find a given flaw. At the end of the workshop, there will be prizes for both finding the "best" vulnerability and for finding the most vulnerabilities. Also, be sure to keep any flaws you find under wraps so that way Ushahidi has some time to correct everything before they are made public.
Ideas for Attacks
Good luck and happy hunting!