Many of you know that I taught previously for Johns Hopkins University, and I continue to hold a part-time appointment to teach an online course during the summer. Last year, a team of students in my course created a capture-the-flag (CTF) activity that addresses several aspects of web security that we cover in this course.

In prior offerings of Comp Sci 364, cadets struggled with the application of web security – both recognizing various types of attacks and defending against them. Thus, I am providing an extra credit opportunity to reinforce these concepts:

Option 1: Election Capture-the-Flag (CTF)
You may complete the aforementioned CTF activity and a feedback form regarding your experience. The CTF activity comprises two parts: two short readings followed by five multiple-choice questions related to theory (e.g., recognizing different types of web security vulnerabilities) and five free-response questions where the answers are found in the process of compromising a vulnerable web application. At the completion of the activity, you will complete a short feedback form.

As extra credit compensation for your completion of the activity, you will receive an additional “quiz” score based on how many questions you answer correctly, and this additional quiz grade may replace a lower quiz grade in the course if it benefits your quiz average. The total time commitment is expected to be 1–2 hours (90 minutes maximum to complete the CTF activity plus 15 minutes for feedback).

Option 2: OWASP Top 10 Web Application Security Risks
You may choose three of the OWASP Top 10 web application security risks and describe each in detail, including an example of a vulnerable application (i.e., vulnerable source code), how to compromise the vulnerable application, and how to defend against the attack. A good description should be at least a half page in length (approximately 250 words), or 1.5–2 pages total to describe three web application security risks in detail, and may not simply reiterate the material found on the OWASP website. At the completion of the activity, you will complete a short feedback form.

As extra credit compensation for your completion of this activity, you will receive an additional “quiz” score based on the completeness of your descriptions, and this additional quiz grade may replace a lower quiz grade in the course if it benefits your quiz average. The total time commitment is expected to be 1–2 hours (approximately 90 minutes to research and to write three descriptions plus 10 minutes for feedback).

If you choose to participate in one of these extra credit opportunities, you must complete it before the second graded review (GR) on Lesson 39.

You may choose not to participate in either extra credit opportunity. There is no penalty if you start, but do not complete, one of the options. If you participate in either activity, the feedback will not be analyzed until after final grades are submitted at the end of the semester, and responses will be anonymized prior to dissemination.