Compass Security supervises scientific work

Compass Security volunteers as supervisor for academic work and studies relating to information security.

We support students to link theory with practice, either on a subject of their own choosing or with questions and challenges the security industry is currently facing.

Last year we accompanied two papers of students at the Hochschule für Technik Rapperswil (HSR). The students tackled tricky problems around the online platform Hacking-Lab. Hacking-Lab is used at the HSR as a training platform in the fields of information security.
 

Emil on Steroids

Authors: Sven Defatsch und Patrick Steinhäusl
Examinator: Cyrill Brunschwiler

Hacking-Lab hosts a fictitious webshop (bells shop) which is used for trainings on "Secure Web Applications". The shop has now been ported to a recent technology stack (MEAN). In addition to the classic vulnerabilities, latest issues have also been packed into application. Thus, the new shop features issues around templating, de-serialization, NoSQL, JWT or Web Sockets.

 

Hacking-Lab 2.0

Authors: Janick Engeler, Yanick Gubler
Thesis Advisor: Ivan Bütler

High scalability and worldwide usability - the implementation of these two requirements poses a number of challenges: avoiding performance bottlenecks, enabling multilingual system operation, avoiding additional effort when capturing new challenges and sample solutions, etc.

 

Congratulations both teams on their successful work!

 

The abstracts of these - and more - papers can be found here: https://www.compass-security.com/research/studien/ 

CALENDAR

Beer-Talk #18 in Berlin: How to pwn a Global Player in two days

Thanks to greater financial and personal resources, large companies are better equipped against hacking attacks than smaller companies and startups.... Read more

Beer-Talk #27 in Zurich: WiFi Open to WPA3

WiFi is omnipresent, but the networks often have weaknesses. Does the WPA3 standard provide additional defenses? We will show you whether the WiFi... Read more

5. Digital Real Estate Summit 2019

The place to meet the digital real estate industry. Read more

ALL DATES

Compass Security Blog

XSS worm – A creative use of web application vulnerability

In my free time, I like to do some bug bounty hunting. For some reasons, I’ve been doing this almost exclusively for Swisscom. One of the reason is that the scope is very broad and I like to have this... mehr

Substitutable Message Service

Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well,... mehr

ZUM BLOG