Revision as of 14:47, 25 June 2012 by Wil Clouser (talk | contribs)

Jump to: navigation, search

The first FLOSSHack workshop will be held on July 1st, 2012 from noon to 4pm at Free Geek. The workshop's target will be the Ushahidi platform. An overview of the FLOSSHack workflow can be found on the "FLOSSHack for Participants" page. The primary organizers for this event are Timothy D. Morgan and Wil Clouser.

Getting Started

The Ushahidi developers have provided us a virtual machine image which has a recent version of the platform pre-installed. You can obtain this here (the online README).

If you want to check out the code separately from the VM, the version of the source code for audit is the latest commit on the master branch. This can be obtained with:

 git clone -b master git://github.com/ushahidi/Ushahidi_Web.git

Competition Notes

You are welcome to start looking for vulnerabilities right now. If you do find any vulnerabilities in the application prior to the workshop, please email them to tim . morgan |at| owasp . org. That way you get credit for them if you're the first to find a given flaw. At the end of the workshop, there will be prizes for both finding the "best" vulnerability and for finding the most vulnerabilities. Also, be sure to keep any flaws you find under wraps so that way Ushahidi has some time to correct everything before they are made public.

Ideas for Attacks


Good luck and happy hunting!