
Blog Post #2

CS461 – Website Security Research Project

Scott Lindsay


Reflections on the journey of the Website Security Research Project so far

The idea for approaching this project was inspired by the growing cybersecurity threats facing web applications, especially in sensitive areas like banking, where data protection is essential. Our goal is to design a mock banking application that will allow us to test different vulnerabilities in a controlled environment. This setup will let us explore both insecure and secure versions of the app, highlighting how various cyber threats, like SQL injection or brute-force attacks, play out in real time.

One of the main aims of the project is to create a safe learning environment where we can test different attack methods without putting any real systems or data at risk. To do this, we’re designing the project to run within a virtual environment, which will isolate it from public exposure. This setup allows us to safely study common vulnerabilities without opening up a live system to any actual security risks.

Even in this planning and design phase, we’ve faced some interesting challenges. Balancing “vulnerable” and “secure” versions, for example, has required us to think carefully about how to make each setup realistic enough to test while still being secure. We’re frequently revisiting our design plans, rethinking how the app’s functions will interact, and considering how to make the project both practical and educational. Though we haven’t built the app yet, designing and testing the project has already given us valuable insights into the nuances of web security and set us on a solid path toward creating an effective, controlled environment for cybersecurity learning.

Feedback on the Course

This course has been helpful in our project’s progress, particularly the resources related to data security and risk assessment that are linked on our project page. The theoretical foundation provided by these documents has given us a solid understanding of security issues, such as protecting against Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), which we will be testing soon. Feedback from instructors has encouraged us to explore solutions and techniques we may have missed otherwise, especially regarding vulnerability management and secure coding best practices. The course material has also provided a good framework for approaching this project and has helped keep us organized and on track.


Career and/or Job Hunt


I’m building confidence in my skills now and am excited to take these lessons with me to my job and throughout my software engineering career. I am very grateful to already have a software engineering job lined up for this summer once I graduate. This project has given me hands-on experience with security vulnerabilities and has deepened my understanding of how to proactively identify and mitigate risks in web applications. Working through real-world challenges has shown me the value of a strong foundation in cybersecurity, and I’m more prepared to handle similar issues in a professional setting. I’m also excited to apply this knowledge to new technologies and frameworks, knowing that security should always be a priority in any software I develop. This experience has reinforced my commitment to building secure and reliable software during my software engineering career.

New Technologies and Tools in Use

In building this application, we selected MySQL for database management, Vue.js for the front end, and Flask for the server-side functions. For our testing environment, we are planning to rely on VirtualBox to maintain isolation, which is crucial given the security risks associated with intentionally insecure applications. Each technology plays a role in creating a realistic, full-stack application that effectively demonstrates cybersecurity threats and solutions. This setup also allows us to isolate our testing from external networks, providing a secure platform to observe vulnerabilities without exposing real data to risk.

Life Hacks: Handling Project Challenges and Managing Workload

One approach we found effective was splitting the tasks by interest level and skill level to evenly distribute them within the larger goal. This modular approach helped prevent overwhelming the team and kept our progress steady. We also set clear deadlines and designated specific roles for testing and implementing features, which helped manage our workload more evenly. Taking regular breaks after challenging debugging sessions has also helped me in the past to stay fresh and avoid burnout. I would recommend this approach to other groups since this combination of organization and balance has been critical in maintaining productivity and achieving our project goals.

Conclusion


This journey into web application security has been both challenging and rewarding. Through planning our project, preparing to tackle various cyber threats, and designing solutions, we’ve learned firsthand the complexities of securing sensitive information online. This project has strengthened our skills, reinforced our interest in cybersecurity, and highlighted the importance of thorough testing and proactive measures in web development. As we move forward, we’re excited to start building and learning more about website security.


Blog Post #1

Hey everyone, here is my first blog post for the online CS capstone project. I’m excited to learn and build with you all.

Introduction

My name is Scotty and I’m a senior computer science student at OSU. I am originally from California but lived in Washington for a while and most recently Texas, where I’ll be heading back once I graduate for my job.

My timezone and/or location

I am currently in the GMT+8 timezone but will be moving around throughout the year. I love working remotely and also enjoy traveling.

Get to know me: kids, pets, hobbies, sports, games, activities, shows, etc

I don’t have any kids or pets but I am a big fan of dogs and other animals. I like to lift weights and run for exercise and enjoy most adventure sports such as mountain biking, snowboarding, surfing, etc. I don’t play video games or watch shows since I am busy and limited on time.

What got me started with computers and software?

I have always been fascinated by technology and think engineering is better than magic. Once I was introduced to the tech world I knew I wanted to work in the field for many reasons such as pay, remote work possibilities, interesting and impactful opportunities, and to have a skillset that I can apply to a wide range of companies.

My journey with OSU

I transferred to OSU a few years ago after getting my AS degree from a community college in California. I chose the remote program because I wanted flexibility and lower tuition.

Current job and internship

I most recently interned with Dell and will be starting full time as a software engineer after I graduate this spring.

My favorite technologies

I am more concerned with what I’m building and the company mission than I am with the tech stack being used, but I do enjoy coding in Python since it’s the most familiar to me and abstracts away a lot of the lower-level complexities. This summer I worked on using AI agents built with Python, LangChain, LangGraph, and various LLMs to automate code fixes, which was an interesting experience. With the current industry trends, I am considering transitioning into a more cybersecurity-focused role for better job stability and hopefully more pay.

My favorite listed projects (in this course) and why

I found many of the projects fascinating and focused on areas that apply to my career goals. I chose two cybersecurity-related projects, a machine learning game project, an animal adoption app, an AI trading bot project, and an LLM agent project. I chose these because they sounded interesting and would help me develop skills in areas that would benefit my career.

Conclusion

That’s a bit about me. If anyone has questions or comments please let me know.

Thanks! – Scotty Lindsay
