Hello everyone,
Hope everyone had a good Week 11 and is doing alright so far in the exam period. Some information for the final exam:
Post on the forums if you have any questions. We are expecting to send out challenge marks in the next few days, and are hoping to send out Report 2 marks/feedback before the exam.
Thanks,
Hamish and Kris
Hello everyone!
Welcome to the last week of the term! We won't be having an extended lecture this week, but this week we'll have core lecture time dedicated to exam revision - either topics you want us to discuss/review, or otherwise some discussion of general challenge solving under time pressure. We'll also be having a help session in Week 11 (details TBD) for further exam prep, and I believe SecSoc is organising an exam revision workshop - keep an ear out on the Discord for details.
Second: I have sent out emails with report marks and feedback to all students that submitted Report 1. Please check your spam folder, and email the course account (cs6443@cse.unsw.edu.au) if you did not receive any marks.
Finally, I have updated the assessment spec for Report 2 (https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/111277) with the expected star counts for the breadth component of the marking criteria. Please post on the forums if you have any questions, but this works the same as for Report 1.
Thanks,
Hamish and Kris
Hello again,
Sorry (again) for the emails, I hope I don't need to send another this week. Based on how it seems people are going with the Topic 4 challenges on the forums, we're going to extend the Topic 4 due date 7 days until 12pm on the 22nd of April. This change has been reflected on the assessment spec.
The assessment spec has also been updated with the Topic 5 marking criteria (the challenges for which will still release this evening). We decided to move a lot around these last few weeks, resulting in a much smaller Topic 5 - this is part of the reason we decided to extend Topic 4 to ensure you still had something to work on if you wanted to.
Thanks,
Hamish
Hi everyone,
Sorry for the two notices so quickly, but some updates for you:
I sent out emails to everyone with confirmation/updates to your report groups so that we are all on the same page. Check your spam folder if you can't find it.
Also, the extended lecture this week is by Francis Dong, one of the tutors. This lecture is on payment bypasses, i.e. getting to a checkout page and going "nah I want this for free". This lecture is NOT going to be recorded. The content covered will not explicitly be assessed in the final exam, unlike other extended content.
Aside from that, this week we'll be wrapping up some loose ends from frontend and then talking about some other interesting stuff: LLMs (given how commonly they are being added to many webapps) and Docker/containers (a near-ubiquitous technology that is used to host applications).
Thanks
Hamish
Hello everyone,
Sorry for the double email, but this announcement is to let you know that:
If you have not received an email with your midterm marks and you know that you submitted the midterm, or you have any questions about your marks, please email cs6443@cse.unsw.edu.au.
Thanks,
Hamish and Kris
Hello everyone,
I forgot to release (or even decide on and write) the topic 4 marking criteria. The assessment spec (https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/109475) has been updated with the stars for topic 4. Sorry for the delay.
Thanks,
Hamish
Hello everyone!
It's week 6, which means it's flex week! There are, of course, no lectures or tutorials this week. However, we will be running some help sessions where you can get some feedback on your reports from some of the tutors:
We highly suggest going to one of these sessions once you have a rough draft or even just a few sections of your report for some feedback.
In addition to the help sessions, we'll shortly be releasing a topic '3.5' on CTFd. This consists of a few challenges that we thought might cover some additional vulnerabilities that we've talked about but haven't had challenges on yet, plus a couple that are just for a bit of fun/interest. These challenges may be reportable and will count towards the stars for topic 3. We will not be increasing the star requirements for topic 3 or the report despite the extra challenges. They are simply extra opportunities to get marks and write interesting report content.
Have a good week 6, and we will see you in week 7!
- Hamish and Kris
Hello everyone!
Hope everyone has had a good weekend and is ready for week 5. We'll be continuing on with server side vulnerabilities, including another extended lecture from Lachlan on Tuesday about deserialisation vulnerabilities.
A reminder that Tuesday has the midterm exam, at 6pm Sydney time. It is online and the exam can be accessed at https://midterm.quoccacorp.com. As of posting this will show a countdown. Make sure that you have mTLS set up and can see the countdown on the device you intend to complete the exam with. Once the exam begins (6pm Tuesday Sydney time), this page will be replaced with links to the exam questions.
An exam questions thread is now on the forum and will be the primary method of communication during the exam: https://edstem.org/au/courses/20765/discussion/2488259
The submission template is available here: https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/110820
Your completed exam can be submitted here: https://moodle.telt.unsw.edu.au/mod/assign/view.php?id=7318119
Please post on the forums if you have any questions. See you in the lectures this week!
Thanks,
Hamish and Kris
Hello everyone!
Well done on making it through topics 1 and 2. We're now at topic 3, which should now be released. You can get started at https://ctfd.quoccacorp.com.
In tutes this week we want to make sure everyone is in a group. If you still don't have a group and will not be able to attend a tute this week please email your tutor to let them know.
A couple updates about assessments:
Good luck with the new challenges!
- Kris and Hamish
Hi Everyone,
UNSW Cyber Team has the following casual job opportunities in their projects. These are paid opportunities at $54-56 an hour (7 hours, 2 days a week for 2 months).
Please email directly to Nivi Newar (n.newar@unsw.edu.au) with your CV and transcript. Also, please mention which project you are interested in.
Project 1: Automated Penetration Testing Results Reporting Workflow (Brain)
Overview:
Develop an automated workflow for managing penetration testing results. The workflow will extract data from the findings register, generate reports grouped by remediation owner, and automatically send these reports via email. Owners will receive reminders to update the status of their assigned remediations. This would result in a report with grouped findings, rather than individual action reminders.
Key Steps:
Considerations:
Deliverables:
Project 2: Complete Re-Architecture of Power BI Metrics Reports (Brady Gerber)
Overview: Rebuild the Power BI metrics reporting system from scratch to create a cohesive, maintainable, and automated reporting solution. This project involves cleaning and restructuring the 41 metrics into a unified data model, introducing automation for data updates, and preserving the visual appeal of the reports.
Key Steps:
Deliverables:
Value Add:
Simplifies the reporting process, improves data reliability, and ensures the reports are easier to maintain and scale in the future.
Project 3: Custom GPTs for Report Automation and Assessment Completion
Overview: Develop a suite of custom GPT models within ChatGPT or Microsoft Copilot to automate reporting, assessment completion, and data sanitization across multiple cybersecurity registers. This project aims to improve efficiency, consistency, and accuracy in handling risk management, penetration testing, and compliance assessments.
Key Steps:
Register Sanitization: Use AI to clean and structure data across key registers, including:
Automated Report Generation:
FAQ Generation:
Custom GPT for Risk Evaluation & Exemptions:
Automated Reporting for Compliance Assessments using CustomGPT:
How-To Video Tutorial Creation:
Deliverables:
Value Add:
Project 4: Automated Vulnerability Reporting
This project will focus on further optimising the current vulnerability reporting process by leveraging AWS tags, CIDR groups, and other classification methods to dynamically route scan results to the appropriate system owners. The initiative aims to enhance efficiency, reduce manual intervention, and ensure timely delivery of vulnerability data to the relevant stakeholders.
The deliverables expected from this project include:
Hi Everyone,
Free Registrations to CYBERCON:
There is an upcoming CyberCON Canberra Conference on 18th to 19th March 2025. This will be the largest Cyber Conference in Canberra; it will bring together some of the greatest minds in cyber and will provide attendees with insights and best practices taught by the industry’s top experts through keynotes, thought leadership, panel sessions and live demonstrations.
There are FIVE complimentary passes available to issue to students (valued at $450 per ticket). There is a code that you need to enter for free registration. Please email me (rahat.masood@unsw.edu.au) if you want to get the code. It will be on a first come first serve basis (first 5 only). Please note that the code only works on Student registration type. The pass includes access to the conference on Tuesday & Wednesday with lunch and afternoon tea. During registration, they must provide proof of current student ID. Student registrations do not include access to the workshops on Monday 17th March.
The code will be available to the first 5 registrations and will expire at midnight on the 7th March 2025.
Additional Volunteers:
CyberCON is also looking for volunteers too. If you are available on Tuesday 18th and/or Wednesday 19th March 2025, and would like to volunteer for this conference, please register here, places are limited: https://conference.aisa.org.au/2025-australian-cyber-conference---canberra/volunteer-registration
Note: Students need to arrange for their own travel and accommodation.
Regards,
Rahat.
Hello everyone!
I hope everyone has had a good first week of term. A couple assessment updates for week 2:
If you have any questions about either of these, post on the forums! We've also had a lot of questions about tutorial enrolments: if you are not able to make your enrolled tutorial, just come to one you can.
If you are still having any mTLS issues, follow this updated guide from Daniel (one of the tutors): https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/109773. This will get you set up with the simplest configuration working through Burp, but again if you run into any issues, the forum, your tutors, or even me after a lecture are all here to take a look.
Also, we've opened the leaderboard on CTFd now that everyone has had a chance to get started. Don't worry about your place on the leaderboard - CTFd points don't have an impact on your marks, but some people like to get competitive, so feel free to challenge your friends.
Finally, don't forget the lecture is 6-8pm tonight in Patricia O'Shane (CLB) 105, with a pentester from CommBank doing the extended lecture from 8-9.
Hope you all have a good week!
- Hamish
6443 Welcome
Hi everyone,
Welcome to the course!
I hope you're all finally enrolled and ready to get started with web application security this term. We’ve made a load of changes from last year to improve your experience as students and we’re hoping you’ll all come out of this course with some brilliant technical skills and practical applications of your security mindset.
A few things to note this week. Firstly, the lecture tonight is in Patricia O’Shane (CLB for those of you old enough to remember its old name) 105 at 4pm, the same place as yesterday. I hope to see more of you tonight than we did last night :P
Secondly, while there was no extended lecture last night, usually 8pm to 9pm is reserved for the extended students and some weeks we’ll have a guest lecturer in to provide you with some different perspectives and some industry contacts through the term.
Third, we’ll be doing a lot of setup in the lectures and tutorials this week, but if you’d like to get ahead then some setting up instructions are already on WebCMS here: https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/107935. You will need an mTLS certificate to engage with any of the challenges and you’ll certainly want Burp configured at some point through the term. Everything else we’ll discuss as we go through the course.
Fourth, you can see the details of the assignments and Report 1 spec (already, omg!) that will be due in week 7. It’ll be in groups of 3. Find details here: https://webcms3.cse.unsw.edu.au/COMP6443/25T1/resources/107907.
Finally, you can contact the course staff using cs6443@cse.unsw.edu.au and any questions for tutors or your peers can be on Ed. This goes for the extended class as well. We have a Moodle instance that will link our course website, Ed forum, and where you will submit things. The bulk of content will be on WebCMS, including all announcements, so please check in frequently.
Quick shout out to Hamish for getting so much of this sorted and up and running before the start of week 1 and to all the staff for being so eager and well prepared.
I hope your tutorials go smoothly this week and I’ll see you all tonight!
Kris.
EDIT 2025-02-20: Fixed course staff email.