this post was submitted on 14 Oct 2024
71 points (96.1% liked)

Fediverse

28387 readers
711 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
ruud@lemmy.world
TragicNotCute@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
71
Help me open source ClubsAll - need a senior security engineer to review code (lemmy.world)
submitted 1 month ago by vinay_clubsall@lemmy.world to c/fediverse@lemmy.world
17 comments fedilink hide all child comments
 

Hello everyone, We built clubsall, a frontend for federated content. Since the goal is to help build a reddit competitor, open sourcing is the logical next step.

However, without a review, I am afraid website could get hacked quickly.

Does someone with experience in scanning code for security issues or white hat hacking wants to help increase confidence so I can open source it?

you are viewing a single comment's thread
view the rest of the comments
[–] SorteKanin@feddit.dk 26 points 1 month ago (3 children)

Obscurity is not security, so you could argue that you should just open source it anyway. Any security holes present are also there right now - the fact that the source code is not available is irrelevant.

But if you insist, it may help if you say what programming language is used.

[–] Blaze@feddit.org 12 points 1 month ago* (last edited 1 month ago) (1 children)

OP mentioned typescript, next, React in another comment, but no backend language

[–] SorteKanin@feddit.dk 13 points 1 month ago

Yea - when it comes to a security review, it's really the backend that matters the most though.

[–] catloaf@lemm.ee 5 points 1 month ago

Agreed. Open source it and let everyone review it.

But even if you don't have experience, it's easy to gain. Start with OWASP, find some static code analysis tools, and run fuzzers. It's a good start.

[–] vinay_clubsall@lemmy.world 0 points 1 month ago (2 children)

Typescript, Next, Cloudflare

[–] SorteKanin@feddit.dk 5 points 1 month ago

TypeScript for the backend too? Sorry, can't help with that. But I'd say just open source it anyway.

[–] Blaze@feddit.org 3 points 1 month ago* (last edited 1 month ago) (1 children)

I already mentioned those in another comment (https://lemmy.world/comment/12877250) with React as well, but those are all frontend languages.

Which languages was used for the backend?

[–] flamingos@feddit.uk 2 points 1 month ago (1 children)

You can write backbends in Typescript, It's what the *keys use.

[–] Blaze@feddit.org 2 points 1 month ago

Thanks, I didn't know