Exploiting Open Source Software WORKSHOP
Open source software is more secure than closed source software - supposedly. Everyone can review the source code and point out security bugs, but how often does that happen? In this workshop we will look at source code and try to find security bugs, in an effort to make the software better. At the end of the event, we will look at the results in a short presentation (provided enough people participate).
Anyone who is interested in programming and computer security is welcome to join. If you think you do not have enough experience, this can be a great opportunity to learn from other people. You can pick any open source project that you like; suggestions are welcome, too.
In case you did not know, the workshop is on October 13 and 14 at T-DOSE.
Suggested OSS applications
This is just a random list of suggestions. Some of you may want to do some research in advance to see whether finding exploits in a given application is feasible in just two days.
- WordPress
- Drupal
- a torrent client
- an IRC bot, such as gozerbot
- a web log analyzer
- remote management apps
- embedded firewall apps, such as the Linux UPnP stack
- VNC
What do I need?
First, a computer on which you can install and run the application that you want to research. For example, if you want to research an IRC bot, you will need to set up an IRC server on which you can run the bot, so that you can test it.
Second, some tools to browse source code. Use whatever you are comfortable with. There are some great tools to perform source code analysis. OWASP has some great resources on software security.