Web developers, C++ developers, other developers.
We have a public network (reachable via VPN from the internet one month before the event) with a live FinTP platform (prerelease).
You will group in 2-4 teams and explore ideas to use the exposed APIs.
You will use your own computer to connect to the FinTP server or to one of the preconfigured development virtual machines.
We’ll make available under GPL v3 the source code for two APIs : UDAL (universal database access library) (C++) and API FinTP REST (Java).
We’ll install and configure on one server the following : PostgreSQL Server, Oracle Server and a live FinTP API with relevant data.
Eight virtual CentOS machines will be preconfigured with the development environment set up for web development (Apache+Eclipse) and C++ (gcc+Eclipse).
Also on the development machines the following prerequisites will be installed : Oracle instant client, ODBC client Apache/Tomcat application server.
The source code developed during the event will belong to those who wrote it. At the end of the event you will present your idea and also what you could implement in the limited amount of time. We’ll use your feedback about API documentation and ease of use to further improve the quality and relevance of what we’re sharing : the FinTP code.
Our goal is to create a secure application for it’s users and protect the data it holds.
Anything is allowed : SQL injection, use platform vulnerabilities, cross site scripting, port scans…
Web security experts, enthusiasts who know tools to probe for vulnerabilities
Event setup (1 day onsite):
We have a private network (no internet access) with two live platforms of FinTP (prerelease);
You will use your own computer, which will be joined in the private network, and may use any tool to test the security of the application.
Two virtual CentOS machines with the latest release of FinTP.
Also on the machines the following prerequisites will be installed : Oracle Server, WMQ server, WAS application server.
We’ll use the info you give us about the exposed vulnerabilities to improve the security of the FinTP platform. You will need to explain the exploit path.
See the full rules and regulations page for this event.