Open Source Web Security Campaign


Websec is pleased to announce the commencement of a newly created campaign that will contribute towards open source, and the purpose and philosophy that has been of benefit to our common community.

Websec now offers open source projects, the expertise and specialization in Web Security testing, fielding out vulnerabilities that may cause disruption to your project. This offer will be given pro-bono to a select applicant who submits all necessary information. One open source project per month will be chosen without charge for web security testing.

In the growing field of Web Security, we at Websec think of ourselves as trailblazers with the integrity, vital energy and keenness to do the best possible for our clients with our expertise. However, we want to put forth the statement by creating this campaign, that Web Security testing is also needed for advancement and development and that it should be given as a contribution freely when possible.

Tests for the following bugs will be included but not limited to: XSS - SQLi - LFI/RFI - RCE - CSRF - Redirects - Session Handling - Broken Authentication

* All discovered bugs will be reported confidentially, as will the collaboration with fixing these issues.

If you would like your open source project to be considered, please note the guidelines given below and the form included. Additionally, if you would like to give Websec a thumbs up, we always appreciate a post of your feedback regarding the service we provided, and the satisfaction gained.

We look forward to receiving your submissions and to assisting you towards the security of your project.



Guidelines and Procedures

  • We request that you communicate with us on a timely basis throughout the testing.
  • It is required that any vulnerability found in your project will get fixed within a reasonable amount of time according to the vulnerability.
  • All bugs will be reported privately at the end of the testing period.
  • If a bug is considered of high-critical risk, it will be reported immediately.
  • We will collaborate with a fix for each bug reported.
  • The details of a bug may be made public once a patch has been released.


Tell us about your project


Recent From Blog

Bypassing Web Application Firewalls with SQLMap Tamper Scripts
An introduction to SQLMap's new tamper scripts and how the can be used to bypass Web Application Firewalls and Intrusion Detection Systems.
Posted in SQL Injection WAF SQLMap Tamper Scripts Firewall

Optimized Blind MySQL Injection Data Retrieval
Demonstrates a method to extract data from a MySQL database using blind injection in fewer requests than currently known techniques such as the Bisection and Bit Shift method.
Posted in Blind Injection MySQL SQL Injection Database

mac2wepkey - Huawei default WEP generator
Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key. The purpose of this post is to explain the process of developing a key generator for these devices.
Posted in mac2wepkey home gateway wep generator echolife hg530 huawei hg520

Last News

Jan 31, 2012
Websec at Shmoocon 2012 Firetalks
Shmoocon is one of the best computer security conferences in the United States. Websec had the pleasure of being present in 2012 Shmoocon in January.

Dec 01, 2011
Discover Tectoria 2011
We are proud to announce that Websec will be participating at the Discover Tectoria 2011 tradeshow.

Last advisories