Google Code-in 2014: all wrapped up

Google Code-in 2014 (GCI) is in the books! This has been an exciting year for GCI: we celebrated the fifth anniversary of the contest and experienced our largest student participation to date.

Congratulations to all of the students who had their first experience with open source software development during GCI 2014. Over the last seven weeks, 667* students from 54 countries completed 3,260* tasks in the contest.

We had 12 open source organizations dedicated to teaching teens about open source and their communities participate this year. These organizations created almost 4,000 tasks for students to choose from in the following categories: coding, user interface, documentation, training, research, outreach, and quality assurance. Some of the tasks students completed in the contest include: writing small pieces of code, creating tutorials, redesigning landing pages, optimizing social media accounts, creating new plugins, finding and fixing bugs, creating webcasts on accessibility testing, and building test cases.

GCI gives students the opportunity to put the skills they have been learning in the classroom to use on real software projects while also learning how to communicate effectively with people from all around the world by participating in these open source communities. The collaboration aspect of GCI is the key to the success of the program and the real benefit to the students. During the course of the contest, they learn that open source software projects are a true team effort and there are many ways that you can contribute to a community.

Stay tuned: we will announce the 24 Grand Prize Winners for the GCI 2014 contest here on February 2nd. Currently the mentors are busy reviewing the final work submitted by students, and then each of the 12 organizations will decide on their five finalists (who will all receive a special finalist sweatshirt). Of those five finalists, two students will be named the Grand Prize winners for each organization. Each Grand Prize winner and a parent will receive a 4 day trip to Google’s California headquarters this June where they will meet Google engineers, take part in an awards ceremony, and enjoy a fun-filled day of adventure in San Francisco.

GCI would not be possible without the heart of the program: the GCI mentors and organization administrators. These mentors and org admins spend countless hours creating and reviewing hundreds of tasks while also teaching students about all facets of open source development: community standards, new and exciting technologies, code reviews, version control systems, IRC, and everything in between. They are volunteers who are passionate about introducing teens to their open source communities and their reward is seeing the light go on in a student when they become excited about open source software development. A HUGE thank you to all of these mentors and org admins who make this program a success!

In the coming weeks we will share some statistics from this year’s program as well as posts about some of the extraordinary work students completed during Google Code-in 2014.

Congratulations Students, Mentors, and Organization Administrators on a job well done!

* The final evaluations are currently being graded; these numbers could increase in the next few days.

By Stephanie Taylor, Google Code-in Program Manager

Google Summer of Code Wrap up: Sigmah

Today’s Google Summer of Code (GSoC) wrap-up comes from Olivier Sarrat at Sigmah, an open source project producing a web app to help humanitarian aid organizations manage their projects.

Sigmah is an initiative led by 12 NGOs to develop open source project management software for the international aid sector. It is a Java web application developed with GWT. This summer, three GSoC students from Brazil, India, and Romania implemented high-priority features which will soon be available in our Sigmah 2.0 release.

Renato Almeida worked on making Sigmah more flexible. In version 1.2, project model parameters couldn’t be changed if the model had already been used to create a project, but thanks to Renato’s work, this will soon be possible. For example, an organization could begin requiring its teams to attach the Terms of Reference to the initial assessment field visit, and this could be applied to all ongoing projects that have not yet completed the initial assessment phase. This allows organizations to react faster to feedback from team members and amend software parameters accordingly.

S.P. Mohanty, who has been working with Sigmah via GSoC since 2012, has improved Sigmah’s file transfer mechanism so that interrupted uploads can be resumed at a later time. This means it will no longer be necessary to wait and retry several times when sending a large file over an unreliable network connection. Mohanty’s work has also been re-used in the development of the offline mode.

Finally, Lucia Madalina Cojocaru’s work focused on a specific aspect of collecting indicators used to determine if a humanitarian project’s goals are being met: the management of data collection sites and project location. She also added the ability to use OpenStreetMap (OSM) in addition to the existing support for Google Maps. For humanitarian organizations, OSM collaborative maps can sometimes be more up-to-date and precise in the immediate aftermath of a crisis. Lucia also established the technical foundations so that in the future it will be possible to export data in Humanitarian eXchange Language (HXL), a standard from the OCHA (UN Office for Coordination of Humanitarian Affairs) which aims to improve coordination within the sector.

By Olivier Sarrat, Sigmah Organization Administrator

Google Summer of Code Wrap up: OWASP

This week’s Google Summer of Code (GSoC) wrap up comes from Fabio Cerullo at The Open Web Application Security Project (OWASP), a charitable organization improving software security across the web.

At OWASP, we were thrilled to be part of GSoC for our third consecutive year. Our interaction with students and universities across the world has skyrocketed since we began participating in the program. In 2014, we received more than 90 proposals. We were able to accept 16 students who worked on a diverse range of application security projects. Below, we highlight a few of these.

Seraphimdroid: Before GSoC, SeraphimDroid was a research project aimed at educating end users about risks and threats coming from other Android applications and we had not given much thought to its interface. Furquan Ahmed implemented a modern user interface which is nicely integrated with existing features. Also, Furquan proposed and implemented several new features like alarming, an application locker, and geo-fencing. His work is now part of the latest release.

OWTF: The OWASP OWTF (Offensive Web Testing Framework) project began by applying chess-playing techniques to penetration testing (“pentesting”). We hoped this would help address the problem of pentesters rarely having adequate time to test systems. Several GSoC students this summer wrote code for new features included in our 1.0 Lionheart release. Tao Sauvage implemented Automated Rankings which helps users identify more serious vulnerabilities. Anirudh Anand developed a passive online scanner with flexible mapping and a templating engine. Deep Shah integrated OWTF with Mozilla Zest support and OWASP ZAP. Marios Kourtesis developed a Web Application Firewall (WAF) bypasser. Finally, Viyat Bhalodia improved the stateful browsing and session management of the tool.

There’s more information (including videos) about all the new features on the official release page.

Hackademics: The OWASP Hackademic Challenges project allows users to learn more about pentesting through simulated attacks in a safe and controllable environment.  One of the students, Bhanudev Chaluvadi, wrote 20 new challenges covering a range of topics such as buffer overflows, injection attacks, regex bypasses, brute forcing, and some cryptography breaking. He also improved almost all the existing challenges. Another student, Paul Chaignon, wrote 17 new challenges covering the OWASP Top Ten vulnerabilities and created a score calculator. Last but not least, Subhayan RoyMoulick created 9 intermediate-level cryptography challenges which include common attacks on RSA implementation vulnerabilities, frequency analysis, man in the middle, and one time pad attacks. All the students were actively participating in the community proposing solutions to known problems or finding bugs we missed (and often fixing them).

CSRF Protector: This year, GSoC allowed OWASP to create a new project to address Cross-Site Request Forgery attacks: CSRF Protector. Minhaz A V proposed the project and implemented it as a PHP library and an Apache HTTPD module. CSRF Protector complements OWASP’s preexisting CSRFGuard for Java web applications and greatly expands the types of projects OWASP can help protect from CSRF vulnerabilities.

GSoC is a great program that benefits students, open source projects, and mentors. It also helps the industry by giving students the opportunity to work on real world problems with highly experienced professionals. For many students, this will be the starting point for successful careers in the computer industry. I would like to invite all students interested in open source and application security to get involved with OWASP projects and subscribe to our OWASP GSOC mailing list.

By Fabio Cerullo, OWASP Organization Administrator