Summary: There are a lot of security vulnerabilities in the LibreHealth EHR Code. This project will aim to fix those vulnerabilities. Some of them are public, others live in a report from security researchers. The accepted student will be granted access to the document. You should prioritize the newer vulnerabilities over the publicly disclosed ones in your project proposal.
Skills:
Web Development (HTML, CSS, JS, MySQL, PHP, Laravel)
Knowledge of web security vulnerabilities is a huge plus
Task Prerequisites:
Clone and set up the EHR instance locally
Solve at least two issues on our issue tracker to get familiar with the codebase. They should be security-related.
Deliverable: At the end of the summer we will have reduced the number of security vulnerabilities, hopefully to zero.
Bonus points: Perform a penetration test on LibreHealth EHR and submit a report, in addition to your final code work product, to prove that you have caught all of the severe vulnerabilities.
Resources: The codebase is currently hosted on GitHub here and the documentation here.
Hello, I’m Falence Lemungoh, a computer engineering student at the University of Buea. I am versed in HTML, CSS, MySQL, JavaScript and PHP with Laravel. I would love to be part of this project. My local environment is set up and running. I’m looking forward to getting started with the prerequisite issues.
Well, one of your pull requests is invalid since you failed to check if it was already addressed, and secondly your fixes are not correct at all. This worries me, since you need attention to detail so as not to introduce more vulns when you fix things.
To add onto what I said: What you exhibited @Falence is a huge red flag when it comes to what we’re looking for. Security vulnerabilities are introduced when people don’t pay attention to the whole picture and get lazy.
Your pull requests show that you don’t know which variable is thrown into the session when a user is authenticated, something you could have looked up. Based on what I can see, you did everything from GitHub and didn’t run this at all. Your chances are not looking good.