Versions Compared

Old Version 35

changes.mady.by.user Michael Vorburger

Saved on

compared with

New Version 36

changes.mady.by.user Michael Vorburger

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Security Penetration testing

Get Stoked - End Poverty. One Get Stoked - End Poverty. One Line of Code at a Time.

Table of Contents
outlinetrue

...

MentorsJames Dailey
Overview & Objectives

Pay-as-you-go mobile phones have revolutionized access to telecom, the same can be done with solar energy access. Off-grid installations of PVC panels and batteries can be pared with a mobile payment mechanism to allow clients to purchase power "as they use it". This functionality will allow organizations to become involved with 3rd party providers of solar systems.

Description
  1. Create a pre-paid account mechanism as an account type or account option in Mifos (perhaps extending existing classes), zero fees.
  2. Create a new API for consuming pre-paid account balances.  
  3. Create a simple external model that mimics consumption by a household on a daily basis - imagined as a set of data received from solar panel (watts used, time of day, volts present).  
  4. Load up pre-paid account by account transfer in P2P interface (my phone to your account) or via trusted agent - i.e. trusted agent receives cash and loads account on Mifos.
Helpful Skills SQL, Java, Javascript, Git, Web Services
Impact

Providers of pay-as-you-go solar can use MIFOS for their operations. MFIs can become such providers.

Other ResourcesMobile project on MifosX

...

Mentors Nayan Ambali
Overview & Objectives

At present MIfos X platform is shipped with Community-App (SPA) as default UI, but initial load time of the application high. And for users on narrow bandwidth internet it takes a considerable amount of time to load the app.

Instead of loading the app every time, we can convert the Community-App into a Chrome App and user can download them once and install it ion the machine, and it can used as thick client.

Description

Community-App is completely developed on top of JavaScript, CSS and HTML. And Chrome apps are also written in same stack. Using grunt we should be able to repackage Community-App(SPA) into Community-App(Chrome App)

Helpful SkillsJavascript, AngularJS, Grunt
Impact

Users with slow internet connectivity can use this app (Installed on the machine) instead of loading Community-App (SPA) on the browser. Users will also have a continually updated app. This will also allow MFIs to potentially use Chromebooks as field-based devices for their branches.

Other Resources  http://developer.chrome.com/apps/angular_framework.html

...

MentorsSander van der Heyden 
Overview & Objectives

To develop a portal that aggregates information from different MifosX deployments and report on predefined social and operational metrics

Objectives:

  • Implement back-end logic in MifosX required to make information available to the client impact portal
  • Implement UI and back-end logic of the Client impact portal
Description

 Microfinance institutions usually work with various external parties, such as funders or investors. Using the data that is available in MifosX we would like to offer those stakeholders a seperate portal showing accurate and high-level information about the institution that would otherwise be reported manually by the institution. This information helps them in their decision making processes, but also enables them to assess the broader impact they are having with their funding.

Helpful Skills  SQL, Java, Javascript, Git, Web Services
ImpactFunders and investors are vital for almost all MFI's, providing them with accurate information on the impact they are making with each of their MFI's is something they highly value and that enables them to assess whether they want to further support the MFI's moving forward to enable growth of the MFI.
Other ResourcesData Analytics & Client Insight - Are we making an impact? (Client Impact Portal demo)

Security Penetration testing

Mentors?
Overview & Objectives

We believe the Mifos X platform is super secure and impenetrable. Your mission, should you choose to accept it, is to prove us wrong, and help close gaps you may find.

Description

Beyond a one time exercise, you could integrate the tools you've used into our build chain so that, even after you've gone, tools flag up future newly introduced potential vulnerabilities.

Helpful SkillsCandidates applying for this project would ideally have prior experience in penetration testing, and document this in their application.
ImpactRe-assuring the more Entreprise-y type Mifos clients that they can safely bet on Mifos X as an MFI platform.
Other Resources

https://www.owasp.org/index.php/Main_Page

https://code.google.com/p/zaproxy/

http://wapiti.sourceforge.net

Run FindBugs & related tools for some serious static code analysis

http://en.wikipedia.org/wiki/Penetration_test

Scalability testing, reports, infrastructure for ongoing test, documentation

Mentors?
Overview & Objectives

 

Description

 

Helpful Skills 
Impact 
Other Resources 

Custom Fantastic Mifos Project

...