Information for Students
The ideas below were contributed by OWASP project leaders and users. They are sometimes vague or incomplete. If you wish to submit a proposal based on these ideas, you may wish to contact the corresponding project leaders and find out more about the particular suggestion you're looking at. Being accepted as a Google Summer of Code student is quite competitive. Accepted students typically have thoroughly researched the technologies of their proposed project and have been in frequent contact with potential mentors. Simply copying and pasting an idea here will not work. On the other hand, creating a completely new idea without first consulting potential mentors is unlikely to work out.
Adding a Proposal
Ideas
How to find ideas? Obvious sources of projects are the OWASP project wiki, bugs database, and project mailing lists.
Generic Sample Proposal
Accepted for GSoC 2011
KDE has developed a number of very interesting and powerful technologies, libraries and components but there is no easy way to show them to other people.
Something like Qt Demo but with KDE technologies.
C++ is the main language of KDE, therefore the demo should be in C++. The more you know about C++, Qt, KDE and scripting (for Kross and KDE bindings demos), the better. This idea encompasses so many different things that the student is not expected to know everything before he starts coding (but will certainly know a lot when he's done!).
Skill level: medium
Mentor: Pau Garcia i Quiles as general mentor and someone to ask for directions. Specific help for each technology will probably require help from its developers.
OWASP Project Requests
P001 - Compare crawling sessions for authentication issues
Project: OWASP ZAP Proxy
Brief explanation: Develop a ZAP session crawler that can compare the crawling sessions of two logged-in users and show which URLs or actions found in one session can be performed from the other session.
Example:
- Login as User A -> Crawl GUI and save as "user A crawl"
- Login as User B -> Crawl GUI and save as "user B crawl"
- Have ZAP be able to login as User B and then check how much of the "user A crawl" is accessible (i.e. list accessible URLs)
- Have ZAP be able to login as User A and then check how much of the "user B crawl" is accessible (i.e. list of accessible URLs)
Mentor: Simon Bennetts - OWASP ZAP Project Leader
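The comparison described in P001, as an added Python example (not ZAP code and not part of the original idea list). It assumes each saved crawl is a list of (method, URL) pairs and that `replay` is a hypothetical callable returning the status and Location header observed when a request is re-sent with the other user's session; the `app.example` URLs and the `/login` redirect path are constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

LOGIN_PATH = "/login"  # assumption: where the app redirects unauthorised users


def normalise(method, url):
    """Canonical (METHOD, URL) key: lower-case host, sorted query, no fragment."""
    p = urlsplit(url)
    query = urlencode(sorted(parse_qsl(p.query, keep_blank_values=True)))
    return method.upper(), urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", query, ""))


def is_accessible(status, location=""):
    """2xx counts as accessible; a redirect to the login page does not."""
    if 300 <= status < 400:
        return not urlsplit(location).path.startswith(LOGIN_PATH)
    return 200 <= status < 300


def cross_session_access(owner_crawl, other_crawl, replay):
    """Actions only the owner's crawl found that the other user can still reach."""
    # replay(method, url) -> (status, location), sent with the other user's session
    shared = {normalise(m, u) for m, u in other_crawl}
    owner_only = sorted({normalise(m, u) for m, u in owner_crawl} - shared)
    return [(m, u) for m, u in owner_only if is_accessible(*replay(m, u))]


# Constructed sample data: two saved crawls and user B's replay results.
CRAWL_A = [
    ("GET", "https://app.example/home"),
    ("GET", "https://APP.example/invoices?year=2011&id=7"),
    ("GET", "https://app.example/admin/users"),
    ("POST", "https://app.example/admin/users/delete"),
]
CRAWL_B = [
    ("GET", "https://app.example/home"),
    ("GET", "https://app.example/profile"),
]
REPLAY_AS_B = {
    ("GET", "https://app.example/invoices?id=7&year=2011"): (200, ""),
    ("GET", "https://app.example/admin/users"): (302, "https://app.example/login?next=/admin/users"),
    ("POST", "https://app.example/admin/users/delete"): (403, ""),
}

if __name__ == "__main__":
    replay_as_b = lambda m, u: REPLAY_AS_B[(m, u)]
    for method, url in cross_session_access(CRAWL_A, CRAWL_B, replay_as_b):
        print("accessible to B:", method, url)
```

URLs that both users crawled are excluded before replay, so the result lists only actions that appeared for one user yet still succeed for the other.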