[pentest-to] Re: Referrals for security audit of Trump resistance project

• From: Justin Bull <me@xxxxxxxxxxxxx>
• To: pentest-to@xxxxxxxxxxxxx, patrick.c.connolly@xxxxxxxxx
• Date: Wed, 08 Feb 2017 21:38:23 +0000

Mobile mail client sucks. CC'ing patrick.c.connolly@xxxxxxxxx into it

On Wed, Feb 8, 2017, 4:37 PM Justin Bull <me@xxxxxxxxxxxxx> wrote:

I have experience in reviewing webapps for security

Depending on my availability I can take a look.

How would I get access to review?

On Wed, Feb 8, 2017, 4:13 PM Patrick Connolly <
patrick.c.connolly@xxxxxxxxx> wrote:

Hello, mailing list!

(Sorry for double-mailing if you're on the HackLab mailing list.)

Some friends in Toronto are working on an international project, and
looking for some help with security audit. I thought y'all might know or be
interested persons. Feel free to FW to your heart's content!

Here are the details in my words:

*Are you frustrated with recent actions by the Trump administation and
looking to be part of an effort to push back?* Well, then this might be
an opportunity to use your skills as a security consultant.

The EDGI project <https://envirodatagov.org/> (aka "guerilla archiving")
is an international group of academics (archivists, librarians, information
studies, etc.) and non-profits, working to preserve environmental data
during the Trump transition. More generally, they're building tools and
process for preserving government data. They've gotten quite a bit of positive
press
<https://theintercept.com/2017/01/27/a-coalition-of-scientists-keeps-watch-on-the-u-s-governments-climate-data/>
.

They're hoping to open-source their main pipeline tool as soon as
possible, but would feel much better about this after a light security
consultation. The hope was for a high-level holistic audit. Light
code-review of their javascript app is a bonus: Meteor app backed by
MongoDB on Heroku. (They built with the skills and experience they had
access to.)

Importantly, they currently have no funds. Given the public support
they've seen, they are looking into ways to fund a longer term review of
their security.

Any amount of time, full or in part of above goals, is appreciated.

*Key questions*

   - Is Meteor appropriate given our concerns and needs?
   - What are best practices for securing our stack? (Meteor app,
   MongoDB, Heroku)
   - Is our actual implementation secure?



--
Justin Bull
PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C

--

Justin Bull
PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C

• References:
  • [pentest-to] Referrals for security audit of Trump resistance project
    • From: Patrick Connolly
  • [pentest-to] Re: Referrals for security audit of Trump resistance project
    • From: Justin Bull

Other related posts:

• » [pentest-to] Referrals for security audit of Trump resistance project- Patrick Connolly
• » [pentest-to] Re: Referrals for security audit of Trump resistance project- Justin Bull
• » [pentest-to] Re: Referrals for security audit of Trump resistance project - Justin Bull

1. Home
2. pentest-to
3. Archive
4. 02-2017

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---