1. Project & Organization Overview
This summer I had the privilege of working with the open-source community under the umbrella of the OWASP Foundation, contributing to the OWASP BLT (Bug Logging Tool) project. OWASP BLT is a powerful open-source platform that enables users, organisations and security researchers to report bugs, manage vulnerability workflows, run bug bounties and track issue metrics — all in a community-driven, responsible-disclosure environment.
The specific challenge I addressed: security teams and open-source organisations often struggle with managing vulnerability reports, bug bounties and contributor performance in an efficient way. The existing organisation dashboard lacked advanced filtering, real-time analytics and strong collaboration tools, making tracking and resolving issues cumbersome. To address this, the project set out to redesign and enhance the dashboard UI (using Django Templates/HTMX + Tailwind CSS) and extend backend APIs, filtering/search, analytics, role-based collaboration, along with testing & documentation.
Key deliverables included:
- A redesigned dashboard UI for seamless navigation
- Advanced filtering & search for security reports
- Real-time analytics & insights for decision-making
- Collaboration features (issue assignment, commenting, notifications)
- Optimised backend with secure API endpoints and role-based access
- Comprehensive testing & documentation for future maintainability
2. What I Did
Here’s a summary of my contributions:
- I completely redesigned the organisation dashboard for OWASP BLT — from scratch I revamped the UI and layout to improve usability, navigation, and responsiveness.
- I tackled and resolved a large number of bugs and inconsistencies: over 14 pages in the dashboard were either broken or poorly functioning, and I addressed them one by one to bring the UI back to a fully working state.
- I implemented and/or improved multiple backend APIs supporting the dashboard — including role-based access control (RBAC), assignment & commenting flows, and analytics endpoints.
- I integrated advanced filtering and search across security reports/issues — enabling organisation admins to filter by domain, severity, status, date, assignee, etc.
- I added real-time analytics elements (dashboard widget updates, charts, counts) to support better decision-making at the organisation level.
- I strengthened collaboration: dashboards support issue assignment, commenting, notifications (UI + backend support), enabling teams to manage their vulnerability workflows more transparently.
- I wrote or expanded test suites (backend + frontend) and updated documentation so maintainers and future contributors will have clearer guidance.
PR Links / Code Merged:
- https://github.com/OWASP-BLT/BLT/pull/4384
- https://github.com/OWASP-BLT/BLT/pull/4396
- https://github.com/OWASP-BLT/BLT/pull/4414
- https://github.com/OWASP-BLT/BLT/pull/4419
- https://github.com/OWASP-BLT/BLT/pull/4444
- https://github.com/OWASP-BLT/BLT/pull/4454
- https://github.com/OWASP-BLT/BLT/pull/4456
- https://github.com/OWASP-BLT/BLT/pull/4484
- https://github.com/OWASP-BLT/BLT/pull/4561
- https://github.com/OWASP-BLT/BLT/pull/4573
- https://github.com/OWASP-BLT/BLT/pull/4625
- https://github.com/OWASP-BLT/BLT/pull/4632
- https://github.com/OWASP-BLT/BLT/pull/4686
- https://github.com/OWASP-BLT/BLT/pull/4689
3. Challenges & What I Learned
Throughout this project, I faced several challenges that pushed me to think critically and improve both my technical and problem-solving skills. One of the biggest hurdles was dealing with the existing state of the dashboard — many of the pages were broken or incomplete, and several were interdependent. Fixing one page often caused issues on another, which made testing and debugging quite difficult. I had to carefully trace through multiple layers of templates, scripts, and backend logic to understand how different parts interacted before making any changes.
Security was another crucial aspect. Since the OWASP BLT dashboard is used for managing vulnerabilities, maintaining strict role-based access control was essential. Designing and testing these permissions to ensure that users only accessed what they were authorized to took extra care and several iterations. On top of all that, writing tests and maintaining documentation alongside active development was challenging, especially within GSoC’s limited timeframe.
Despite these difficulties, I learned a tremendous amount during the process. I gained a deeper understanding of full-stack web development — particularly how front-end tools like HTMX and Tailwind CSS can blend seamlessly with Django to create dynamic, efficient interfaces. I also learned how to design APIs that are secure, performant, and maintainable. Beyond the technical skills, I became much more comfortable working in an open-source environment — communicating effectively with mentors, handling feedback through code reviews, and adhering to collaborative workflows. Most importantly, this experience taught me the value of patience and attention to detail when building systems where multiple components are tightly connected.
4. Final Thoughts
This GSoC journey with OWASP BLT has been a highly rewarding experience. I am grateful to the mentors and the OWASP community for their guidance and support. I believe the dashboard enhancements will significantly improve how organisations use OWASP BLT for vulnerability management, making their workflows more intuitive, efficient and collaborative. I look forward to continuing my contributions to the project and engaging with the community in future.