OWASP is applying to be a Google Summer of Code (“GSoC”) mentoring organization in 2017!

Open source software is changing the world and creating the future. Want to help shaping it? We’re looking for students to join us in making 2017 the best Summer of Code yet!


Google Summer of Code Program Site

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

All students currently enrolled in an accredited institution are welcome to participate in the Google Summer of Code 2017 program, hopefully along with the OWASP Foundation.

Below you could find all the instructions on how to participate.

What is GSOC?

The Google Summer of Code program (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with OWASP mentors that will guide them through their coding tasks.

Benefits to students include:

This program is done completely online. Students and mentors from more than 100 countries have participated in past years.

Instructions common to all participants

All participants should take a look at the Google Summer of Code Program Site every now and then to be informed about updates and advice. It is also important to read the Summer of Code FAQ, as it contains useful information. All participants will need a Google account in order to join the program. You’ll save some time if you create one now.

Programming Language

While the majority of OWASP tools are developed using C++/Java, we do accept other languages, including (but not limited to) Python, Ruby and C#. C++ will be accepted for any project. Submissions and ideas for projects in any other language should specifically mention the choice.

Instructions for students

Are you a student and want to code for an OWASP project? Here are the steps and some tips on getting started:

  1. Think of a good idea – For reference see GSoC 2017 Ideas
  2. Do some research yourself based on the idea, write up a proposal draft
  3. Post it to the mailing list at https://groups.google.com/d/forum/owasp-gsoc for initial discussions with OWASP mentors.
  4. Based on feedback, write a full proposal – See template below: https://www.owasp.org/index.php/GSoC_SAT
  5. Submit your proposal to Google from March 20 thru April 3rd 2017.

Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we’d like to have candidates who are committed to helping OWASP mission. You don’t have to be a proven developer – in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications are welcome.

You should start familiarising yourself with the components that you plan on working on before the start date. OWASP Project Mentors are available on the mailing list https://groups.google.com/d/forum/owasp-gsoc for help.

General instructions

First of all, please read the instructions common to all participants and the GSoC FAQ. Pay special attention to the Eligibility section of the FAQ.

Getting in touch

Coming up with an interesting idea is probably the most difficult part of all. It should be something interesting for an OWASP Project, and more importantly for you. It also has to be something that you can realistically achieve in the time available to you.

Finding out what the most pressing issues are in the projects you’re interested in is a good start. You can optionally join the mailing lists for that project: you can make acquaintance with developers and your potential mentor, as well as start learning the codebase. We recommend strongly doing that and we will look favourably on applications from students who have started to act like Open Source developers.

Student proposal guidelines

A project proposal is what you will be judged upon. So, as a general recommendation, write a clear proposal on what you plan to do, what your project is and what it is not, etc. Several websites now contain hints and other useful information on writing up such proposals. OWASP does not require a specific format or specific list of information, but there is an application template on the OWASP page in Google Melange with some specific points that you should address in your application:

After you have written your proposal, you should get it reviewed. Do not rely on the OWASP mentors to do it for you via the web interface: they will only send back a proposal if they find it lacking. Instead, ask a colleague or a developer to do it for you.


The PostgreSQL project has also released a list of hints that you can take a look.

Instructions for mentors If you’re a developer and you wish to participate in Summer of Code, you can do it in two ways: the first and easiest is to make a proposal in the [https://www.owasp.org/index.php/GSOC2017_Ideas] page. Take a look at what the different OWASP Projects needs or what you feel should have. Feel free to submit ideas even if you cannot elaborate too much on them.

The second possibility is to be a mentor for a more specific idea. If you wish to do that, please read the instructions common to all participants and the Summer of Code FAQ. Also, please contact the project leader for your application or module and get the go-ahead from them. Then edit the ideas page, adding your idea.

Your idea proposal should be a brief description of what the project is, what the desired goals would be, what the student should know and your email address for contact. Please note, though, that the students are not required to follow your idea to the letter, so regard your proposal as just a suggestion.


If you wish to help us even more, you can be an OWASP mentor. We will potentially assign a student to you who has never worked on such a large project and will need some help. Make sure you’re up for the task. When subscribing yourself as a mentor, please make sure that your application or module maintainer is aware of that. Ask them to send the Summer of Code OWASP Administrators an email confirming to know you. This is just a formality to make sure you are a real person we can trust – the administrators cannot know all active developers by their Google account ID.

If you would like to get an idea of what is involved in being a good mentor, be sure to read the mentoring guide.

You will be subscribed to a mailing list to discuss ideas. We will also require you to read the proposals as they come in and you will be allowed to vote on the proposals, according to rules we will publish later.

Finally, know that we will never assign you to a project you do not want to work on. We will not assign you more projects than you can/want to take on either. And you will have a backup mentor, just in case something unforeseen takes place.

Subscribing as mentor

To subscribe as mentor, you need to complete a few easy steps.

Instructions for OWASP Project Leaders

If you are an OWASP Project Leader, you may be contacted by developers in your project about an idea they want to submit. You should judge whether the idea being proposed coincides with the general goals for your OWASP Project. If you feel that is not the case, you should reply to your developer and suggest that they modify the proposal. You do not need yourself to be a mentor, but we would like you to.

Contact OWASP GSoC Admininstrators

To reach the OWASP administrators for Summer of Code, please send an email to the GSOC Administrators below.

The GSOC 2017 Administrators are: