Project scope
Categories
Security (cybersecurity and IT security)Skills
devsecops admin tools risk audit burp suite penetration testing sql (programming language) cyber security account management information technology security auditing risk prioritizationTake Care is a Canadian SaaS platform helping individuals and families plan ahead for medical emergencies, caregiving, and life transitions. As we grow, we’re seeking a cybersecurity expert to conduct a structured risk audit and develop a targeted mitigation strategy. You’ll help identify potential vulnerabilities in our architecture and recommend improvements to protect sensitive user data, documents, and account information.
This project will give you experience working on a real-world digital health platform, applying penetration testing techniques, and developing a practical security roadmap aligned with OWASP and NIST standards.
Successful applicant will be required to sign an NDA and complete our privacy onboarding. You will work with one of our tech leads and have direct access to the CEO/Founder as well.
takecaretogether.ca
By the end of the project, the student will deliver:
Comprehensive Security Audit
- Review of platform architecture, document upload pipeline, account management system, and admin tools.
- Testing against common vulnerability classes (OWASP Top 10).
Risk Prioritization Report
- Identify and rank vulnerabilities by severity and exploitability.
- Include risks such as:
- Escalation of privilege (e.g., planner → admin)
- Injection vulnerabilities (SQL, document-based, or other)
- Authentication token tampering / key modification
- Cross-account access vulnerabilities
Targeted Mitigation Plan
- Actionable recommendations for short- and long-term fixes.
- Grouped by impact, effort, and feasibility.
Light Penetration Testing
- Use tools like OWASP ZAP or Burp Suite to test specific endpoints (with permission).
- Provide evidence of findings without disrupting the live environment.
Developer/Founder Briefing
- Final report presentation (written submission followed virtual meeting to discuss follow up questions) summarizing key findings and next steps.
- Suggestions on how to integrate findings into ongoing DevSecOps workflows.
Providing specialized, in-depth knowledge and general industry insights for a comprehensive understanding.
Sharing knowledge in specific technical skills, techniques, methodologies required for the project.
Direct involvement in project tasks, offering guidance, and demonstrating techniques.
Providing access to necessary tools, software, and resources required for project completion.
Scheduled check-ins to discuss progress, address challenges, and provide feedback.
Supported causes
The global challenges this project addresses, aligning with the United Nations Sustainable Development Goals (SDGs). Learn more about all 17 SDGs here.
About the company
Take Care is a physician-designed online tool that helps families get organized and plan ahead for aging, serious illness, or death — before a crisis hits. It walks people through a simple, step-by-step process to gather the information their loved ones will need most — like who to call, what matters most, and how to honour their wishes.
Instead of leaving people scrambling in moments of stress, Take Care turns complex planning into a clear, shareable summary that makes things easier for everyone involved. It’s practical, personal, and built to support better decisions and communication during some of life’s hardest moments.
Behind the scenes, the platform uses user-provided data to personalize the experience in real time — tailoring prompts, resources, and summaries to reflect each person’s unique situation. It’s a guided planning engine designed to make a daunting task feel doable. Our motto is simple: Plan. Share. Take Care.