Websec offers pro bono security audits to open source web projects

Posted on June 16, 2011

Websec takes pleasure in announcing the start of their new pro bono web security campaign for open source projects. This campaign was designed with the objective of supporting open source projects that don’t have the resources to perform a full web security audit.

Open source projects are a main target for malicious hackers; the availability of the code facilitates the analysis of vulnerabilities, making it easier to breach organizations which depend on the software.

Websec supports the open source philosophy and understands that a large percentage of web applications these days depend on open source software. Therefore, Websec is committed to helping this initiative, which benefits millions of people.

Even though this campaign has just begun, this is not the first time that Websec has contributed to open source projects. Some of them include:

Metasploit, Nmap, Zen Cart, PHPIDS, CakePHP, WebBuilder, Commonspot, Jaws Project

Projects that are accepted will be given a free web security audit, with the objective of discovering and correcting all vulnerabilities found in the project.

To submit your open source project, please read the ‘Guidelines and Procedures’ and fill out the form at http://websec.ca/opensource-web-security-campaign
