Pro Bono Penetration Tests for Open Source Projects

Today I was hanging out in one of my favorite Slack servers and I decided to drop a small pitch for Paladin Security in the vendor related channel.  (Yes, I checked with the admin before I did so.) Someone popped up and asked me if I gave discounts for open source web apps.  Huh… do I?  I hadn’t really thought much about it.  We took it to DMs, discussed his project, and his planned timelines.  We actually ended up talking a lot about the app itself.  It’s pretty cool and I’m interested in hearing how it goes when released.  The result was yes, I do have a discount for open source web apps.  Free.

If you’ve done web app pen testing, then you know it can be a fair bit of work to test an app.  At the same time, I’ve used a ton of open source apps and here’s a chance to pay it back a bit.  Plus it helps a colleague who has an interesting project that he’s been busting his tail on.  So I’d like to propose the idea that some of us pen testers help out the community by taking on pro bono work like this.  If you know how to pen test an app, then help out.  Find a project that you know and love, then offer to pen test the app for free.  If an app doesn’t come to mind, then ask in your communication channel of choice if anyone is interested.  Pay it back a bit.

Obviously, we all have limitations to time.  I’ve got a job, a family, and all that.  But if you have an open source app that you want pen tested, drop me a line.  I can’t guarantee that I’ll be able to take the test on.  However, if I have availability and the app sounds interesting to me, then I’m happy to help out.  My discount is free.