My Journey of Google Summer of Code: A Challenge and Rewarding Experience
So it begins! I was fortunate enough to be selected for Google Summer of Code (GSoC) in 2023. I was drawn to the GSoC program because I wanted to work on a real-world project and obtain practical experience. In addition, I wanted to contribute to a project that I was enthusiastic about and learn more about open-source programming.
The Journey
The first step in the GSoC process was to find a project. I spent a lot of time researching different projects(Making an Excel sheet with different orgs and their projects helps filter out your interests and varied projects). I eventually found a project that I was interested in, which was to scale RayZed (ray-based cloud-native web vulnerability scanner). This project was the right mix of scaling out the cloud as well as performing application-level optimization.
Once I found a project, I had to write a proposal. The proposal explained my ideas for the project and prototype on GCP. I also had to explain why I was the right person for the project.
My proposal was approved. Ravindu, my mentor from C2SI, was incredibly supportive and helpful. He gave me a head start on the project and responded to all of my inquiries.
I spent 12 weeks on the project. Along the journey, I encountered many obstacles, including time management issues, technical problems, and communication problems. I was able to overcome these obstacles, nevertheless, and finish the project.
One of the major challenges was figuring out a way to optimise RayZed at the application as well as at the virtual machine level and integrate it. The architecture to scale this had to be revised iteratively considering the constraints, testing and taking feedback from the mentor. Deciding on the distributed architecture and then testing it iteratively was the key to solving the scaling issues.
One of the major Eureka! movements was to figure out that spider scan session files could be transferred and active scan could be built upon the previous spider scan results in ZapZed. Then distributing the active scan into smaller chunks to speed up the process.
The Skills I Learned
GSoC allowed me to gain a lot of knowledge. I gained knowledge of software engineering, distributed computing (scaling out), web vulnerability analysis, cloud computing, and open-source development.
To summarize:
- Distributed computing through Ray,
2. Web scanning analysis through Zap Zed (Spider and Active)
3. Optimizing VMs in GCP
4. Setting up communication between VMs through ssh, scp, automating through python scripts.
5. Optimization based on application level as well as GCP Vm level.
6. Ensuring smooth delivery of session files between different daemons and instances.
One of the most crucial abilities I picked up was problem-solving. I had to learn how to recognize issues, develop solutions, and then put those solutions into action. I also gained knowledge on how to troubleshoot bugs in my coding.
Additionally, I developed good time management skills. I had to develop the ability to prioritize my job and work quickly. Along with that, I improved my communication skills with my mentor.
The Impact of GSoC
I was significantly impacted by GSoC in both a professional and personal sense. As a person and a developer, I developed. I gained a lot of knowledge about my skills and myself. I also made new connections and pals.
I am appreciative of the chance to take part in GSoC. I will never forget that experience because it was both difficult and gratifying.
Conclusion
I encourage other peeps to submit GSoC applications. It is a fantastic chance to develop new skills, network, and gain practical experience.
I wish this post had motivated you to submit an application for GSoC. Feel free to get in touch with me if you have any questions.
Appendix
Link to my previous article which explains the architecture
https://medium.com/scorelab/enhancing-cybersecurity-with-cloud-computing-rayzed-gsoc23-786f22aa9f3
