Part I

Deadline: 30.12.2019

In the first project, the participants will construct software with security flaws, point out the flaws in the project, and provide the steps to fix them.

The project has only 1 part.

How to get started

This material contains the first project of the course series called Cyber Security Base. In order to submit your project, you will need a MOOC.fi account, which you can create at the right-hand corner of this course material.

Once you have created the account, please answer a background questionnaire at https://elomake.helsinki.fi/lomakkeet/74256/lomake.html. Answering the questionnaire should take less than 10 minutes and will be very valuable for the research conducted on this course.

How to pass the course

To pass the course you need to complete the project assignment, write a report, and provide 3 reviews of other projects.

Project description

In the first course project, your task is to create a web application that has at least five different flaws from the OWASP top ten list (https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf). Starter code for the project is provided on GitHub at https://github.com/cybersecuritybase/cybersecuritybase-project.

You may do the project without using the starter template (in a language of your own choosing). In that case, however, you must also provide guidelines for installing and running the web application on Windows, Linux and Mac (including guidelines for installing any possible required dependencies).

The code must be stored in a public repository so that other students may review it. A standard option is to use GitHub. If you are a student at Helsinki University, you can use https://version.helsinki.fi. Make sure that the project is public.

Essay

You will then write a 1000-word report (hard limits: 800-1500) that pinpoints the flaws and describes how they can be fixed. The report must follow this structure:

LINK: <link to the repository>
<installation instructions if needed>

FLAW 1:
<description of flaw 1>
<how to fix it>

FLAW 2:
<description of flaw 2>
<how to fix it>

...

FLAW 5:
<description of flaw 5>
<how to fix it>

We recommend not writing the essay directly in the browser. Instead, write (and save) it using your favourite text editor, and then copy-paste it.

Submitting the project
