Primary mentor | Isaac Sears |
Backup mentor | N/A |
Assigned to | N/A |
Abstract
Late last year, OpenMRS began collaborating with researchers from North Carolina State University (NCSU) to improve the security of the OpenMRS Reference Application. Using a range of security assessment techniques, the NCSU researchers have identified almost 300 distinct security issues. Many of those issues are low-complexity and need only a one-line patch, such as escaping a user-supplied value before it is written into a page. This is a great opportunity for students interested in software security to get first-hand experience in the field.
Project Champions
Objectives
- (First priority) Patch up to 50 cross-site scripting (XSS) vulnerabilities, typically by escaping untrusted values before they are written into HTML
- (Second priority) Add up to 25 authorization (privilege) checks to actions that currently lack them
- (Third priority) Implement safe exception handling for up to 10 code paths that currently fail with an HTTP 500 error, so that unexpected exceptions are logged server-side and the response does not expose stack traces or other internal details
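The three objectives above correspond to three small, recurring code patterns. The following is an added illustration for this page, written in plain Java so it compiles without the OpenMRS API; it is not OpenMRS code and is not the content of the example PR linked below. The helper names (`escapeHtml`, `requirePrivilege`, `handle`), the privilege name "Delete Reports" and the sample request values are assumptions made for the example.

```java
// Added illustration for this project page, not OpenMRS code. It shows the three
// kinds of one-line fixes the objectives describe, in plain Java (no OpenMRS
// dependencies). Names such as requirePrivilege() and the privilege "Delete
// Reports" are assumptions made for the example; sample inputs are constructed.
import java.util.Map;
import java.util.Set;

public class SecurityFixExamples {

    // --- 1. Reflected XSS: encode untrusted data before it reaches HTML. ---
    // Vulnerable pattern: a request parameter is concatenated straight into markup
    // (the JSP equivalent is writing ${param.name} or <%= request.getParameter("name") %>).
    static String greetVulnerable(String name) {
        return "<p>Hello, " + name + "</p>";
    }

    // Hardened pattern: escape the characters that can change HTML context.
    // In a JSP the same fix is ${fn:escapeXml(param.name)} or <c:out value="${param.name}"/>.
    static String greetSafe(String name) {
        return "<p>Hello, " + escapeHtml(name) + "</p>";
    }

    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // --- 2. Missing authorization check: verify a privilege before acting. ---
    // The Set<String> stands in for the authenticated user's privilege names
    // (assumption: in the real code base the check is made against the session user).
    static void requirePrivilege(Set<String> userPrivileges, String privilege) {
        if (!userPrivileges.contains(privilege)) {
            throw new SecurityException("Privilege required: " + privilege);
        }
    }

    static String deleteReport(Set<String> userPrivileges, String reportId) {
        requirePrivilege(userPrivileges, "Delete Reports"); // the added one-line check
        return "deleted " + reportId;
    }

    // --- 3. HTTP 500 handling: fail closed with a generic message, log the detail. ---
    // Returns the status code and response body the client would see.
    static Map.Entry<Integer, String> handle(Set<String> privs, Map<String, String> params) {
        try {
            String id = params.get("reportId");
            if (id == null) throw new IllegalArgumentException("reportId is required");
            return Map.entry(200, deleteReport(privs, id));
        } catch (SecurityException e) {
            return Map.entry(403, "Forbidden");
        } catch (IllegalArgumentException e) {
            return Map.entry(400, "Bad request");
        } catch (RuntimeException e) {
            // Unexpected failure: record it server-side (stand-in for the app logger),
            // but never echo e.getMessage() or a stack trace to the browser.
            System.err.println("Unhandled error: " + e);
            return Map.entry(500, "An internal error occurred.");
        }
    }

    public static void main(String[] args) {
        String payload = "<script>alert(1)</script>";   // constructed sample input
        System.out.println(greetVulnerable(payload));    // script tag survives
        System.out.println(greetSafe(payload));          // rendered as inert text
        System.out.println(handle(Set.of("View Reports"), Map.of("reportId", "42")).getValue());   // Forbidden
        System.out.println(handle(Set.of("Delete Reports"), Map.of("reportId", "42")).getValue()); // deleted 42
        System.out.println(handle(Set.of("Delete Reports"), Map.of()).getValue());                 // Bad request
    }
}
```

The exception handler is deliberately ordered from most specific to least specific: authorization and validation failures map to 403 and 400, and only genuinely unexpected errors reach the generic 500 branch, which is the one that must not leak internal detail.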
Extra Credit
- Take on responsibility for patching more complex security issues
Skills Required
- JavaScript, HTML
- Java
Skills Recommended
- Experience with JSP and/or GSP front-end templating languages
- Basic knowledge of common web application security vulnerabilities
Resources
- https://github.com/openmrs/openmrs-module-reporting/pull/207 - Example of a PR patching one of the vulnerabilities identified in the report
- https://owasp.org/www-community/attacks/xss/ - Description of XSS vulnerabilities