We support students to link theory with practice, either on a subject of their own choosing or with questions and challenges the security industry is currently facing.

Last year we accompanied two papers of students at the Hochschule für Technik Rapperswil (HSR). The students tackled tricky problems around the online platform Hacking-Lab. Hacking-Lab is used at the HSR as a training platform in the fields of information security.
 

Emil on Steroids

Authors: Sven Defatsch und Patrick Steinhäusl
Examinator: Cyrill Brunschwiler

Hacking-Lab hosts a fictitious webshop (bells shop) which is used for trainings on "Secure Web Applications". The shop has now been ported to a recent technology stack (MEAN). In addition to the classic vulnerabilities, latest issues have also been packed into application. Thus, the new shop features issues around templating, de-serialization, NoSQL, JWT or Web Sockets.

Hacking-Lab 2.0

Authors: Janick Engeler, Yanick Gubler
Thesis Advisor: Ivan Bütler

High scalability and worldwide usability - the implementation of these two requirements poses a number of challenges: avoiding performance bottlenecks, enabling multilingual system operation, avoiding additional effort when capturing new challenges and sample solutions, etc.

Congratulations both teams on their successful work!

The abstracts of these - and more - papers can be found here: https://www.compass-security.com/research/studien/