A security testing thesis project can be great fun, educational, and it can be very useful when applying for work. Check out some media coverage from previous student projects on Pontus Johnson’s home page, and take a look at previous thesis and vulnerability reports here.
Thesis projects will differ depending on your program. In particular, your program will affect the number of credits, whether you can work in pairs, the kinds of plans and project specifications you will need to produce, presentation and opposition routines, and potential deadlines. For the actual content of the work, however, you will find a lot of information here. In brief, this is the process:
- Consider whether you have the required competencies to write a good thesis. You will need to feel comfortable with low-level computing, networking and operating systems (e.g. working on the Linux command line). It will also facilitate greatly if you have previous experience of cyber security, particularly security testing, e.g. having completed the course EN2720 Ethical hacking.
- Make sure that you understand the Law. The most important rule is this: don’t security test things for which you don’t have the owner’s permission.
- Register to the thesis project.
- Ask your tutor to invite you to our Slack, and, if you wish, start participating in the weekly Zoom tutoring meetings, as detailed here.
- Decide on a system to investigate. Sometimes, it is already decided what that system is, other times, you are free to suggest one to your supervisor.
- Procure the system. Sometimes KTH can order the device, but other times the process may be different. Note that the procurement time can cause problems in your planning if you have chosen a system with a long delivery time.
- Write a project plan. The format of the project plan is oftentimes decided on by your program, but generally the objectives will be the same for all hacking projects. Already at this point, it is a good idea to understand the grading criteria, as well as the structure of the tangible result of your work, i.e. your thesis report.
- Start working according to your method, making sure that you do not break the law. If you need work space or tools, do check out the Cyber Security Lab.
- During the project, you can receive tutoring in different forms.
- If you find a vulnerability, it should be responsibly disclosed.
- Write the report, preferably in parallel to the actual work. The report is the concrete result of your project, so it needs to contain all aspects of your work. Therefore, its structure can help guide your activities.
Table of contents
- Choice of System to Explore
- Things to hack
- Purchase Form
- Related work
- Thesis Report
- Threat Traceability Matrix
- Grading criteria
- Responsible disclosure
- The Law
- Cyber Security Lab