Hello everyone, We built clubsall, a frontend for federated content. Since the goal is to help build a reddit competitor, open sourcing is the logical next step.

However, without a review, I am afraid website could get hacked quickly.

Does someone with experience in scanning code for security issues or white hat hacking wants to help increase confidence so I can open source it?

  • SorteKanin@feddit.dk
    link
    fedilink
    English
    arrow-up
    26
    ·
    2 months ago

    Obscurity is not security, so you could argue that you should just open source it anyway. Any security holes present are also there right now - the fact that the source code is not available is irrelevant.

    But if you insist, it may help if you say what programming language is used.

    • Blaze (he/him)
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      2 months ago

      OP mentioned typescript, next, React in another comment, but no backend language

      • SorteKanin@feddit.dk
        link
        fedilink
        English
        arrow-up
        13
        ·
        2 months ago

        Yea - when it comes to a security review, it’s really the backend that matters the most though.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      Agreed. Open source it and let everyone review it.

      But even if you don’t have experience, it’s easy to gain. Start with OWASP, find some static code analysis tools, and run fuzzers. It’s a good start.