Just like every January, the first year course in web technology is starting for the AI and Computer Science students. The first years learn about developing websites while combining this with a little bit of websecurity. The coordinators of the course like to see senior students try to show leakages in the websites in a practical way. However, this has been taken too far during last year's course. Students had to drop out because of the damage done by the hacking attempts of senior students. We hope to see you try to show the security flaws of the first years in an ethical way before the last week of the course. The full message of the course coordinators can be read here:
Dear VIA members,
We are writing to you to coordinate activities related to the security of the students' websites which are developed in the 'Webtechnologie voor KI/INF' course in Period 3.
Every year some of the servers allocated to the students for hosting their servers are hacked. We would first of all like to mention that we value efforts on making the UvA internet environment secure and teach the students to be aware of security threats. We therefore want to emphasis that we actually appreciate the hacking of the servers. At the same time we hope to make some arrangements about this. Last year some project groups ran into problems because of the hacking which significantly impacted their projects (some even have to retake the course this year). Therefore we would greatly appreciate it if we could agree on the following arrangements:
1) Please only hack the servers allocated to project groups within the first two weeks of the course. This gives the students an ample period of time to take care of the security of the server and continue working on the project.
2) If changing any of the files on the server, please store the original files (or website) somewhere in a backup directory on the server.
We hope you understand these concerns and are open to your suggestions.
Regards, Yuri Demchenko