I am currently taking a cybersecurity course and as the topic of my project I chose pentesting. I am aware there are CTFs and intentionally vulnerable applications, but I thought it would be interesting and fun to audit projects of other people who are also just students and/or learning programming.

If you have a webapp, mobile application or any other internet-connected project that has enough of an attack surface, then I would love to get in touch and possibly pentest it. Of course I’d report any issues I’d find so hopefully it would benefit both parties.

I also do pentesting as my job, so I am not a total newbie. If you have any questions feel free to reply here or DM me. If you are scared of letting someone you don’t know pentest your application (which is understandable) I can also help with setting up a testing environment, creating mock data, etc.

Thanks in advance!

  • @[email protected]
    123 months ago

    This is a lot of fun. I work for a small university that has a software development course and a cyber security course. Every once in a while we pair some of the brighter students so the cs guys and girls can try to hack the sd projects. They always succeed, but it’s always a very fun lesson for both parties.

    • @[email protected]OP
      English
      5
      3 months ago

      > They always succeed

      Well, student code is student code, but you can tell them that the code of big corporations is probably worse (speaking from experience as a pentester).

      What you said sounds really cool tho, although probably too late for my use case. I will bring it up to my teacher as a suggestion for maybe next year. I tried asking students from my school about this by myself but didn’t have much luck. It is cool to hear that your school does something like this. From my experience with mine and some of the teachers, I think when I suggest this it will fall on deaf ears anyway… each subject has an end-of-the-semester survey asking for suggestions and I have never seen any of them ever implemented or considered.