Security review for login-service & survey-web-app -- App Engine, Python, JavaScript
- Status: Closed
- Prize: $1000
- Entries received: 5
- Winner: newsoftwaresolu
Contest Brief
GOAL
I have a prototype login-system, similar to open-ID, for authenticating voters. Also I have a survey web-app using the login-system.
This is a contest to find the most important security problem, both in the login site and in the survey app.
Describe the vulnerability, with:
* Endpoint affected
* Example exploit / input
* Estimate of severity / potential bad effects
* Suggested fix
SYSTEM
The system runs in Python on Google App Engine, with client webpages using JavaScript.
The code is here:
https://github.com/chadbrower0/openVoterId3
https://github.com/chadbrower0/proCon3
EXAMPLE DATA
Survey web-app example pages:
* You may need to copy & paste these links, because freelancer.com breaks these URLs.
* Feel free to create more example pages.
* https://www.choosewithreason.com/procon#page=proposal&link=9DxVVGWcWlmPQLofuJ2vuCP1yAQ7gsOczmkbmB2TIXVlKOZij7
* https://www.choosewithreason.com/procon#page=request&link=ydef4LAXNkHnOOQoyDp8cvuFu3s4h6YnwRAy1ZGHqtmOkM5IWy
* https://www.choosewithreason.com/autocomplete#page=question&link=soGqnBjwQMm2koXVbV4KgaOMD5wv4FpdeX8PPIznHfc1oi9iuc
* https://www.choosewithreason.com/autocomplete#page=question&link=07CPZ6KFprXg9QSl5MEZXaQ1wgh6Az0oOY1kHymXyj5aavHsi2
Example voter information is attached separately.
Employer Feedback
“@newsoftwaresolu won the contest on 22 June 2020”
chadbrower, United States.
Top entries from this contest
- newsoftwaresolu, Tunisia
- newsoftwaresolu, Tunisia
- webzonebd99, Bangladesh
- dsamanmishra3, India
- Shyam247, India