For week 10, I continued with some work I had outstanding from last week that has been previously described, and reflected on my time as a GSoC student. How I Found GSoC: I really enjoyed my time as a GSoC student — it is definitely something I would do again…

For week 9, I started research into a password security vulnerability. The Vulnerability: When a user creates/changes a password, the current length requirement is 8 characters long. This would be much more secure if it were 12 characters long, so my task was to make it so it could be…

For week 8, I worked with another GSoC member to patch an XSS vulnerability. The Vulnerability: To recreate this vulnerability, I took these steps: 1. Create a privilege named <script>alert(1);</script>. 2. Delete that privilege. 3. Get the alert box showing “1”. …

For week 7, I submitted a PR that partially fixed the XSS attack I have been working on. The Solution: First I ran the XSS attack, which involved editing the page’s URL by changing a variable to contain a JavaScript popup. I then used Inspect Element to view the source…

For week 6, I had a few setbacks in terms of running the OpenMRS SDK, but later in the week had some success in managing to edit the webpage in the code and have my changes reflected on the page. …

For week 5, I attempted to fix another RubyGems error similar to last week’s, but it was in a different module of OpenMRS. The Error: The error was the same as last week: the RubyGems link in the code did not support HTTPS and therefore my version of Maven could…

This week I had to put the XSS vulnerability on hold due to an error that wouldn’t let me update the code with Maven. I have since fixed this error and have submitted my first pull request, which I will talk about in this week’s blog. The Error: When I…

For Google Summer of Code with OpenMRS this week, I looked into setting up the programming environment with IntelliJ as my IDE, and locating the error in the code that made the previously mentioned XSS vulnerability possible. Setting Up IntelliJ: I had a few issues setting up IntelliJ initially as…

As mentioned last week, I am looking into fixing an XSS (Cross Site Scripting) vulnerability in the Appointment Scheduling part of the OpenMRS application. This week, in order to delve into the problem, I have been researching open source projects and how they work, getting to know OpenMRS, and learning…