Webapp pentesting is a skill that will be needed to make sure ZeroChat is a secure application. I am almost certain that there is something vulnerable - there are already more than 700 lines of code at the first commit.
I will prioritize the following:
- Research memory leaks and how to detect/exploit and avoid them or protect against exploitation
- Reduce code size and attack surface
- Make the program more modular so that debugging and bug hunting/fixing becomes easier
- Use fuzzers and try to break the server/take it down/inject malicious code
- Automatically detect and block DDoS attempts