Students Evaluate the Cybersecurity of More Than 20 Companies

Have you ever wondered how secure your Venmo app is? Or whether your information is at risk every time you use Uber?

Luckily for us, Sharon Goldberg – a Hariri Institute Fellow, CS Associate Professor, and international expert on cybersecurity – does. Through her “Network Security” course, she is ensuring BU students of all levels (undergraduate seniors, masters, and PhD students) are pushing the frontier of applied cryptography, web security, and network protocol security. CS 558 is an introduction to network security course in which student teams audit the security of popular websites. Students review how sites use encryption, how they track visitors through the use of cookies, and the procedures they use to keep user information private and secure.

Nearly 100 students enrolled in the course this past semester and assessed a variety of companies, including eBay, Pinterest, Reddit, AT&T, and Groupon, to provide comprehensive evaluations of their online security protocols.

Shahrez Jan, Austin Small, Scarleth Estevez, and Mike Winters present their assessment of Uber’s website and app.

Shahrez Jan, Austin Small, Scarleth Estevez, and Mike Winters chose to evaluate Uber. While providing a note of caution regarding the company’s hiring practices, students asserted that the mobile app and website are using standard and sufficient security measures to protect user and driver information. Additionally, in reviewing the company’s privacy policies, the students felt confident that Uber continues to place the privacy of community members at the forefront of their business practices.

Ines Kim and Jeraldin Guerrero present their team’s assessment of Venmo to Professor Goldberg.

Benny Guan, Jeraldine Guerrero, Hanson Duan, and Ines Kim reviewed Venmo, the popular payment sharing app. The team verified that users’ information and funds are secure within the network system. However, they identified potential issues with functionality and transaction guarantees due to the multi-day lag between Venmo’s initial request to a user’s bank and when hard funds are deposited into the user’s Venmo account. The team also realized that it’s relatively easy for bad actors to impersonate users by identifying their friend circles, which are public, and potentially charging other users fraudulently.

Chloe Fortuna, Sabina Razak, Jack Gregory, and Simon Nichols present their findings on Twitter.
Constantine Sparakis and John Reidy give their evaluation of SoundCloud.

Some students even found vulnerabilities in the websites they audited. Following the standard “responsible disclosure” guidelines for researchers who uncover software vulnerabilities, students worked with Professor Goldberg to reach out to affected companies and alert them to potential security risks.