Summary: There are a lot of security vulnerabilities in the LibreHealth EHR Code. This project will aim to fix those vulnerabilities. Some of them are public, others live in a report from security researchers. The accepted student will be granted access to the document. You should prioritize the newer vulnerabilities over the publicly disclosed ones in your project proposal.
- Web Development (HTML, CSS, JS, MySQL, PHP, Laravel)
- Knowledge of web security vulnerabilities is a huge plus
Task Prerequisites :
- Clone and setup the EHR instance locally
- Solve at least two issues on our issue tracker to get familiar with the codebase. They should be security-related.
Deliverable: At the end of the summer we will have reduced the number of security vulnerabilities hopefully to zero.
Bonus points: Perform a penetration test on LibreHealth EHR and submit a report, in addition to your final code work product to prove that you have caught all of the severe vulnerabilities.