A team of ICT undergraduates from the University of New South Wales (UNSW) has been announced as the winning team of the 24-hour Cyber Defence University Challenge, which was held 3 April.
The undergraduates beat a team from Edith Cowan University, which took out second place, with a team from the Australian National University coming third.
Theo Julienne, part of the winning team from UNSW, said the first set of challenges involved Web exploits and trying to determine whether websites could be attacked, including XSS vulnerabilities and examining if any badly written code could be manipulated so they could inject information into the site.
“Then some of the later challenges were related to finding vulnerable services on some of the serves and again attempting to break into them and execute our own code on the servers. Then there were a whole set of challenges relating to social engineering and computer forensics,” Julienne told Computerworld Australia.
This included figuring out whether a computer had been compromised and creating a report on whether information had been lifted from it.
The competition saw 15 teams of undergraduates from universities around Australia compete against each other to pinpoint IT vulnerabilities in a fake business. Teams accumulated points by successfully carrying out tasks and detailing how the business could be helped to mitigate security concerns.
Julienne said businesses need to be more aware of vulnerabilities in their websites because so many applications are being developed for the Web by people who do not have security training and therefore they do not consider the security needs of a website they are developing.
“That means there’s going to be a larger and larger amount of vulnerable websites out there, and of course, as you can see from this competition, there’s quite a large amount of danger in that when people just make simple mistakes — a lot of information can be leaked [and] networks can be taken over. It can be quite bad for the businesses involved,” he said.
The winners will be flown to the Black Hat Security conference in the US this July.
Follow Stephanie McDonald on Twitter: @steph_idg
Follow Computerworld Australia on Twitter: @ComputerworldAU