In the first project, the participants will construct software with security flaws, point out the flaws in the project, and provide the steps to fix them.
The project has only 1 part.
How to get started
This material contains the first project of the course series called Cyber Security Base. In order to submit your project, you will need a MOOC.fi account that you can create at the right-hand corner of this course material.
Once you have created the account, please answer a background questionnaire at https://elomake.helsinki.fi/lomakkeet/74256/lomake.html. Answering the questionnaire should take less than 10 minutes and will be very valuable for the research conducted on this course.
How to pass the course
To pass the course you need to complete the project assignment, write a report, and provide 3 reviews of other projects.
In the first course project, your task is to create a web application that has at least five different flaws from the OWASP top ten list (https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf). Starter code for the project is provided on Github at https://github.com/cybersecuritybase/cybersecuritybase-project.
You may do the project without using the starter template (in a language of your own choosing). In that case, however, you must also provide guidelines for installing and running the web application on Windows, Linux and Mac (including guidelines for installing any possible required dependencies).
The code must be stored in a public repository so that other students may review it. A standard option is to use Github. If you are a student at Helsinki University, you can use https://version.helsinki.fi. Make sure that the project is public.
You will then write a 1000-word report (hard limits: 800-1500) that pinpoints the flaws and describes how they can be fixed. The report must follow this structure:
LINK: <link to the repository>
<installation instructions if needed>
FLAW 1:
<description of flaw 1>
<how to fix it>
FLAW 2:
<description of flaw 2>
<how to fix it>
...
FLAW 5:
<description of flaw 5>
<how to fix it>
We recommend not writing the essay directly in the browser. Instead, write (and save) it using your favourite text editor, and copy-paste it.