Notices

  • Casual Job Opportunities in UNSW IT Cyber Security

    Posted by Rahat Masood about 9 hours from now.

    Hi Everyone,

    The UNSW Cyber Team has the following casual job opportunities in their projects. These are paid opportunities at $54-56 an hour (7 hours, 2 days a week for 2 months).

    Please email directly to Nivi Newar (n.newar@unsw.edu.au) with your CV and transcript. Also, please mention which project you are interested in.

    Project 1: Automated Penetration Testing Results Reporting Workflow (Brain)

    Overview:

    Develop an automated workflow for managing penetration testing results. The workflow will extract data from the findings register, generate reports grouped by remediation owner, and automatically send these reports via email. Owners will receive reminders to update the status of their assigned remediations. This would result in a report with grouped findings, rather than individual action reminders.

    Key Steps:

    • Data Extraction: Pull penetration testing results from the register automatically (e.g., via API, database queries, or flat files).
    • Report Generation: Create personalized reports for each remediation owner, detailing their assigned findings, due dates, and priorities.
    • Automation Workflow: Use automation platforms (e.g., Power Automate, Zapier, or Python scripts) to:
        • Schedule report generation.
        • Send reports and update prompts via email.
        • Track responses and escalate overdue tasks.

    Considerations:

    • Escalation mechanism could be built in
    • This pattern could be translated to other registers - i.e. risk management - group risks & actions by owner for a bulk update.

    Deliverables:

    1. Automated report generation and email workflows.
    2. A dashboard for tracking remediation progress.
    3. Documentation for maintaining and extending the workflow.

    Project 2: Complete Re-Architecture of Power BI Metrics Reports (Brady Gerber)

    Overview: Rebuild the Power BI metrics reporting system from scratch to create a cohesive, maintainable, and automated reporting solution. This project involves cleaning and restructuring the 41 metrics into a unified data model, introducing automation for data updates, and preserving the visual appeal of the reports.

    Key Steps:

    • Source Data Reorganization: Analyze and clean the existing source data to eliminate inconsistencies, redundancies, and errors. Develop a standardized, structured data source.
    • Data Model Design: Create a robust data model in Power BI or an external database (e.g., SQL Server) to support the metrics and ensure scalability.
    • Automation: Automate data extraction and transformations using tools like Power Query, Dataflows, or Azure Data Factory.
    • Report Development: Rebuild the Power BI reports to maintain or improve the visual design while ensuring consistent metrics and KPIs.
    • Version Control & Testing: Implement version control for the reports and thoroughly test the new system to ensure reliability.

    Deliverables:

    1. Standardized and clean data source.
    2. A unified Power BI data model supporting all 41 metrics.
    3. Rebuilt reports with maintained or improved visuals.
    4. Automation workflows for data refresh and transformation.
    5. Comprehensive documentation and user training.

    Value Add:

    Simplifies the reporting process, improves data reliability, and ensures the reports are easier to maintain and scale in the future.

    Project 3: Custom GPTs for Report Automation and Assessment Completion

    Overview: Develop a suite of custom GPT models within ChatGPT or Microsoft Copilot to automate reporting, assessment completion, and data sanitization across multiple cybersecurity registers. This project aims to improve efficiency, consistency, and accuracy in handling risk management, penetration testing, and compliance assessments.

    Key Steps:

    Register Sanitization: Use AI to clean and structure data across key registers, including:

    • Risk Register
    • Penetration Testing Findings Register
    • Vendor Security Risk Register
    • Exemption Register

    Automated Report Generation:

    • Streamline architecture report and Cyber Security Risk Assessment (CSRA) report generation.
    • Automate formatting, consistency checks, and summarization.

    FAQ Generation:

    • AI-driven FAQs for all registers to assist stakeholders in quickly finding relevant information.

    Custom GPT for Risk Evaluation & Exemptions:

    • Build a specialized GPT model to assess and evaluate risks, exemptions, and policy adherence.

    Automated Reporting for Compliance Assessments using CustomGPT:

    • Automate reporting for Cyber Security Risk Assessments (CSRA) and Vendor Security Risk Assessments (VSRA).

    How-To Video Tutorial Creation:

    • Generate AI-assisted tutorial videos for 10 cybersecurity registers, ensuring users understand how to navigate and use the system effectively.

    Deliverables:

    1. AI-powered data sanitization and structuring workflows and updated registers.
    2. Automated reporting workflows for CSRA, VSRA, and architecture reports.
    3. Custom GPT model for risk assessment and exemptions.
    4. AI-generated FAQs for cybersecurity registers.
    5. AI-assisted video tutorials for user guidance.
    6. Documentation for implementation, usage, and maintenance.

    Value Add:

    • Reduces manual effort and human error in data sanitization and reporting.
    • Speeds up risk evaluations and exemption processes.
    • Enhances user experience with AI-driven FAQs and tutorials.
    • Improves cybersecurity compliance and governance with structured automation.

    Project 4: Automated Vulnerability Reporting

    This project will focus on further optimising the current vulnerability reporting process by leveraging AWS tags, CIDR groups, and other classification methods to dynamically route scan results to the appropriate system owners. The initiative aims to enhance efficiency, reduce manual intervention, and ensure timely delivery of vulnerability data to the relevant stakeholders.

    The deliverables expected from this project include:

    • Automated Reporting Workflow Design: A detailed workflow outlining how vulnerability scan results will be processed and routed based on AWS tags, CIDR groups, or other classification methods.
    • Integration with Existing Tools: Solution that will integrate with vulnerability management tools, AWS, and our service management platform to dynamically link scan results with system owners.
    • Notification and Reporting Mechanism: Development of an automated notification process to alert system owners of vulnerabilities identified in their systems via our service management platform in combination with other communication channels as necessary.

  • CyberCON Passes and Volunteers

    Posted by Rahat Masood about 15 hours ago.

    Hi Everyone,

    Free Registrations to CYBERCON:

    There is an upcoming CyberCON Canberra Conference on 18th to 19th March 2025. This will be the largest Cyber Conference in Canberra; it will bring together some of the greatest minds in cyber and will provide attendees with insights and best practices taught by the industry’s top experts through keynotes, thought leadership, panel sessions and live demonstrations.

    There are FIVE complimentary passes available to issue to students (valued at $450 per ticket). There is a code that you need to enter for free registration. Please email me (rahat.masood@unsw.edu.au) if you want to get the code. It will be on first come first serve basis (first 5 only). Please note that the code only works on Student registration type. The pass includes access to the conference on Tuesday & Wednesday with lunch and afternoon tea. During registration, they must provide proof of current student ID. Student registrations do not include access to the workshops on Monday 17th March.

    The code will be available to the first 5 registrations and will expire at midnight on the 7th March 2025.

    Additional Volunteers:

    CyberCON is also looking for volunteers too. If you are available on Tuesday 18th and/or Wednesday 19th March 2025, and would like to volunteer for this conference, please register here, places are limited: https://conference.aisa.org.au/2025-australian-cyber-conference---canberra/volunteer-registration

    Note: Students need to arrange for their own travel and accommodation.

    Regards,

    Rahat.

  • Week 2 Announcements

    Posted by Hamish Cox 8 days ago.

    Hello everyone!

    I hope everyone has had a good first week of term. A couple assessment updates for week 2:

    • The midterm exam notice has been released, you can find it here: https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/109890
    • The topic challenges spec has been updated with an updated marking scheme for the base course and the marking scheme for topic 2 (the challenges will release later tonight): https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/109475

    If you have any questions about either of these, post on the forums! We've also had a lot of questions about tutorial enrolments: if you are not able to make your enrolled tutorial, just come to one you can.

    If you are still having any mTLS issues, follow this updated guide from Daniel (one of the tutors): https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/109773 This will get you set up with the simplest configuration working through Burp, but again if you run into any issues, the forum, your tutors, or even me after a lecture are all here to take a look.

    Also, we've opened the leaderboard on CTFd now that everyone has had a chance to get started. Don't worry about your place on the leaderboard - CTFd points don't have an impact on your marks, but some people like to get competitive, so feel free to challenge your friends.

    Finally, don't forget the lecture is 6-8pm tonight in Patricia OShane (CLB) 105, with a pentester from CommBank doing the extended lecture from 8-9.

    Hope you all have a good week!

    - Hamish

Upcoming Due Dates

There is nothing due!


COMP6443/COMP6843 25T1 (Web Application Security) is powered by WebCMS3
CRICOS Provider No. 00098G