BugBase - An Indian Bug Bounty Platform

Cybersecurity is the need of the hour. Vulnerabilities are everywhere, and the discovery of bugs in heavily used websites is daily news at this point. We present a solution: BugBase, an Indian bug bounty platform.

The problem BugBase - An Indian Bug Bounty Platform solves

Our application is a platform on which Indian companies, startups and firms can easily set up bug bounty programs in one consolidated system, where they can be found by skilled ethical hackers and enthusiasts across the country. The social issues being tackled are public safety and the protection of sensitive information from security breaches. The application provides a simple, confidential channel between the people who find problems and bugs in these organisations' systems and the organisations that benefit from making themselves more secure.

Simplicity and dependability are what we assure.

Our aims with the BugBase application include giving new startups and established companies equal opportunity to get their security vulnerabilities resolved, keeping the product in line with Indian expectations so that it can succeed financially in the Indian market, building a pleasing user experience that encourages people to use the product, and collaborating with the Indian Government in the future to bring their websites and apps, such as Aarogya Setu, onto the platform. Government of India websites have a reputation for being buggy and vulnerability-ridden; collaborating with us would help make them secure, which in turn would greatly benefit the nation.

We have also added functionality for companies and academic institutions to host capture-the-flag (CTF) or quiz competitions on the website. CTF events are timed, points-based ethical hacking competitions, and many people solve these challenges to improve their skills. Hosting one also lets a company promote its bug bounty program.

Challenges we ran into

Deciding the tech stack

We faced the challenge of building a large-scale web application, backed by an API, in a two-day period. We chose to build a single-page application (SPA): the browser loads the app once and then fetches only data, which avoids the full-page round trip of server-rendered pages (e.g. res.render in a NodeJS app). This also let us build the frontend and backend completely separately, which sped up development during the hackathon since we assigned two members to each.

We chose NodeJS with MongoDB as the building blocks for the backend API, and AWS S3 buckets to store user profile pictures and any other large generated data, including PDFs. We purchased the domain bugbase.in from GoDaddy and set up an email address, [email protected], with Zoho Mail. For the frontend we chose VueJS, which handles all our routing and API calls. The API is hosted at http://api.bugbase.in and exposes two route groups, /api/auth and /api: a user authenticates against /api/auth and receives a JWT, which is then presented on every request to /api. The frontend fetches data with Axios and renders it on the user's side, at http://bugbase.in. All of these have SSL certificates because they are proxied through Cloudflare. One caveat with that setup: the Cloudflare proxy terminates TLS between the browser and Cloudflare's edge; whether the hop from Cloudflare to the origin server is also encrypted depends on the zone's SSL/TLS mode, and only "Full (strict)" with a valid certificate on the origin protects the whole path.

Bugs in the Bug Bounty Platform

Most of the technology we used while building this product was new to us, including interacting with S3 buckets and using NodeMailer to send email through the Zoho SMTP server. As a platform for fixing bugs, we had to make sure the platform itself did not have any. One of our team members is an OSCP and CEH certified cybersecurity professional who audited the entire website, including setting up appropriate CORS policies: the API at api.bugbase.in must accept cross-origin requests only from the bugbase.in frontend, not from any origin. We went with JWT authentication instead of the usual session auth because it is stateless and works naturally across the separate frontend and API domains. The trade-off to keep in mind is that a bearer token held in the browser is only as safe as the page that holds it (any XSS can read it), so tokens should be short-lived, sent only over HTTPS, and verified with a fixed algorithm and an expiry check on every /api request.
