October is Cybersecurity Month!
September 25, 2023
This season, come and learn about website application security (WebAppSec) with the Integrated Security Education and Research Center, or ISERC. Participants will learn about top weaknesses on the web and how to defend them. This newfound know-how will then be utilized during a capture-the-flag escape room challenge on campus.
Attendees will learn to use professional tools, develop professional cybersecurity skills (as described in the NICE Framework), connect with others, and have fun!
Whether a newbie or someone with some hacking experience, students, faculty and staff are all welcome to join in. We do not assume prior experience, but attendees will need access to a laptop.
The ISERC team will explore three of the most common weaknesses in websites: broken access control, when crypto fails, and SQL injections (which haven't changed since the 1970s and are still a problem). Attendees will learn about the kinds of software used to track these problems – Wireshark and Burpsuite.
Schedule of events:
- October 4, 2:30 - 3:30 p.m. [Zoom]: Kick-off Cybersecurity Month with guest speakers, followed by an audience Q&A with the speakers and the ISERC team.
- October 11, 2:30 - 3:30 p.m. [Zoom]: Workshop 1 is about access control. We will cover broken access control (OWASP top 10), what PortSwigger Burp Suite is, and how to analyze Internet traffic.
- October 16, 2:30 - 3:30 p.m. [Zoom]: Workshop 2 is about data protection. We will cover cryptographic failures, what Wireshark is, and how to read the information that moves across a network.
- October 25, 2:30 - 3:30 p.m. [Zoom]: Workshop 3 is about protecting websites. We will cover SQL injection attacks, use Burp Suite again, and figure out why it is important to 'sanitize our inputs'.
- October 31, Noon - 2:30 p.m. [Hybrid]: Hackday/CTF. This is an in-person event, with lunch, that accommodates virtual attendees. Your mission? To protect the Juice Shop! Earn points, win prizes.
Attend at least three of these events and you can pick up an ISERC activity badge!
If you are a local employer who would like to get involved, we are looking for Hackday judges and guest speakers.
This series is hosted by ISERC and supported by the Commonwealth Cyber Initiative and Pamplin College of Business's Security, Privacy and Trust Pillar.
To sign up, follow this link and use password iserc2023.
For more information, contact Arianna Schuler Scott.