Projects

Project 1

Due: Wed, Feb 5 - 10:00am P01

The project is designed to simulate real-world scenarios in software security analysis, emphasizing the identification and mitigation of vulnerabilities in systems that handle sensitive medical data. Students will work in teams to analyze the source code, execute both black-box and static application security testing, and document their findings. This hands-on experience provides an opportunity to strengthen understanding of security standards, such as the OWASP Application Security Verification Standard (ASVS), and to apply tools like SonarQube for static analysis.

See the Project 1 description for more details.

Project 2

Due: Wed, Mar 5 - 10:00am P02

Students will apply black-box testing techniques, vulnerability assessment tools, and secret detection tools to evaluate and improve the security posture of OpenEMR. The project emphasizes identifying security vulnerabilities, analyzing their root causes, and recommending remediation strategies to secure the system.

See the Project 2 description for more details.

Project 3

Due: Mon, Mar 31 - 10:00am P03

The project focuses on conducting a security assessment of OpenEMR, an open-source medical records system, by applying techniques such as logging analysis, attack tree modeling, and test coverage evaluation. The project emphasizes the use of the OWASP Application Security Verification Standard (ASVS) to identify vulnerabilities, propose mitigations, and assess OpenEMR’s overall security posture.

See the Project 3 description for more details.

Project 4

Due: Wed, Apr 16 - 10:00am P04

Students will complete abuse and misuse case diagrams and textual descriptions, perform three hours of exploratory testing with video documentation, and individually address security-related bugs discovered throughout the semester. Additionally, participants will analyze the efficiency of different vulnerability detection techniques.

See the Project 4 description for more details.