Audit Encryption Choices for an E-Commerce Checkout Stack
Overview
What this challenge is about.
Receive the architecture diagram (Next.js on Vercel, PostgreSQL on a managed service, Stripe-equivalent processor, Redis sessions), the TLS configurations for each public endpoint (collected via testssl.sh exports), the cipher-suite choices, and the database-encryption configuration. Audit each cryptographic choice against current best practices (TLS 1.3 with PFS, AES-256-GCM, Argon2 for passwords, modern HMAC for cookies). Flag every weakness with severity and rationale. Recommend replacements (with migration steps) and identify which controls map to which PCI requirement. Deliver a 10-page audit report, the testssl.sh raw outputs, a prioritized migration backlog (Now / Next / Later), and a 1-page summary for the CFO.
The Brief
What you'll do, and what you'll demonstrate.
Audit every cryptographic choice in an e-commerce checkout stack against current best practices and produce a PCI-aligned migration backlog.
Earning criteria — what you'll demonstrate
- Audit TLS, at-rest, and in-app crypto against current standards
- Map cryptographic controls to PCI requirements correctly
- Distinguish 'broken' from 'deprecated' from 'fine' weakness severities
- Communicate cryptographic risk in business terms to a CFO
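To make the "broken / deprecated / fine" distinction concrete for the TLS part of the audit, here is an added example (not part of the challenge materials or any real scanner output): it classifies constructed testssl.sh-style protocol and cipher findings against the TLS 1.3 / PFS / AEAD baseline, assigns a severity, and buckets each weakness into the Now / Next / Later backlog. The mapping to PCI DSS v4.0 requirement 4.2.1 is an assumption to confirm against your own control mapping.

```python
"""Classify testssl.sh-style TLS findings into broken / deprecated / fine.
Added example; the finding tuples below are constructed, not real scanner output."""
import re

# Assumed PCI DSS v4.0 mapping for transit-encryption findings; confirm with your QSA.
PCI_TRANSIT = "PCI DSS 4.2.1 (strong cryptography for PAN in transit)"

BROKEN_CIPHER = re.compile(r"NULL|EXPORT|RC4|DES|MD5|anon", re.I)  # 'DES' also catches 3DES
PFS_KEX = re.compile(r"^(ECDHE|DHE)-|^TLS_(AES|CHACHA20)", re.I)   # TLS 1.3 names carry no kex prefix
AEAD = re.compile(r"GCM|CHACHA20|CCM", re.I)

def classify_protocol(name, offered):
    """Return (verdict, severity) for a protocol line such as ('TLS1', True)."""
    if not offered:
        return ("fine", "info")
    if name in ("SSLv2", "SSLv3"):
        return ("broken", "high")          # known-broken protocol versions
    if name in ("TLS1", "TLS1_1"):
        return ("deprecated", "medium")    # deprecated, must be retired
    return ("fine", "info")

def classify_cipher(suite):
    """Return (verdict, severity) for an offered cipher suite name."""
    if BROKEN_CIPHER.search(suite):
        return ("broken", "high")
    if not PFS_KEX.search(suite) or not AEAD.search(suite):
        return ("deprecated", "medium")    # static RSA key exchange (no PFS) or CBC mode
    return ("fine", "info")

BUCKET = {"broken": "Now", "deprecated": "Next", "fine": None}

def audit(findings):
    """findings: list of (kind, name, offered). Returns backlog rows, 'Now' items first."""
    rows = []
    for kind, name, offered in findings:
        verdict, sev = classify_protocol(name, offered) if kind == "protocol" else classify_cipher(name)
        if offered and BUCKET[verdict]:
            rows.append({"item": name, "verdict": verdict, "severity": sev,
                         "bucket": BUCKET[verdict], "pci": PCI_TRANSIT})
    return sorted(rows, key=lambda r: r["bucket"] != "Now")

# Constructed sample for one checkout endpoint (not a real export).
SAMPLE = [("protocol", "SSLv3", False), ("protocol", "TLS1", True), ("protocol", "TLS1_3", True),
          ("cipher", "ECDHE-RSA-AES256-GCM-SHA384", True), ("cipher", "AES128-SHA", True),
          ("cipher", "ECDHE-RSA-DES-CBC3-SHA", True), ("cipher", "TLS_AES_256_GCM_SHA384", True)]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```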
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.