Computer Science
Security & Cyber Defense Challenges
Security & Cyber Defense challenges put you inside the work of protecting systems from real attack. You'll build skills around the CIA triad, authentication, identity & access management and network security, and learn to work the OWASP Top 10 and run vulnerability scanning the way defenders do.
From there you'll tackle the harder edges — threat modeling, the MITRE ATT&CK framework, SIEM operations and incident response — moving into cyber risk management, Zero Trust architecture and red team operations. Each challenge you solve earns a verified credential you can share with recruiters.
- DesignIntermediateNew
Authentication + RBAC for a Multi-Workspace SaaS
Design the auth architecture: identity provider (managed), session model (JWT with rotation), workspace-membership claims, RBAC permission model (4 default roles, custom-role ca…
- Authentication
- Rbac
- Sso
Engineering Software as a Service - CodeIntermediateNew
Prompt-Injection Hardening for a Customer-Support Agent
You receive the current agent prompt, the pen-tester's 60-attack injection test set (direct prompt injection, indirect via doc content, refusal-bypass, and exfiltration), and a …
- Prompt Injection Defense
- System Prompt Design
- Red Team Operations
Prompt Engineering - DesignSeniorNew
Design a Cross-Chain Bridge Protocol with Honest Threat Model
Read the Vitalik 'cross-chain interoperability' essay and survey 3 existing bridge designs (lock-and-mint, atomic-swap, optimistic-rollup-native). Design your protocol around a …
- Blockchain Protocols
- Smart Contracts
- Solidity
Blockchain and Decentralized Systems Engineering - DesignIntermediateNew
Threat Model a HealthTech Patient-Portal Web App
Read the 25-page redesign architecture document (auth via Clerk, Next.js front-end, FastAPI backend, Postgres, S3 for documents, webhook integration with EMRs). Build data-flow …
- Threat Modeling
- STRIDE
- Secure Design
Software Security Practice your coursework on real scenarios.
Every challenge is shaped from real industry context — not generic exercises. The work mirrors what your degree prepares you for.
Why Ewance
- AnalysisIntermediateNew
Run a Red-Team Exercise on a Cloud-Native Microservices Platform
Receive a scoped engagement letter (in-scope: 6 microservices and their CI/CD pipelines; out-of-scope: customer-data exfiltration beyond proof-of-access), the architecture diagr…
- Red Team Operations
- Kubernetes Security
- Lateral Movement
Computer Systems Security - AnalysisSeniorNew
Cyber-Physical Security Audit for a Connected-Building HVAC System
Audit one representative tower's BMS: enumerate BACnet devices (network discovery + capability inventory), identify lateral-movement paths (tenant wifi -> guest network -> BACne…
- Cyber Physical Systems
- Ot Security
- Risk Management
Internet of Things and Cyber-Physical Systems - AnalysisSeniorNew
Forensic Reconstruction of an Anonymized Energy-Grid Incident
Triage the artifacts using a timeline-first methodology. Build a unified timeline across syslog, historian, firewall, and disk-image artifacts (Plaso super-timeline). Identify c…
- Digital Forensics
- Incident Response
- Ics Security
Cyber-Physical and Cybercrime Topics - ResearchIntermediateNew
Run an Alignment Probe on a Coding Assistant
You will design 240 probe prompts across 3 classes: (1) over-refusal (innocuous coding asks the model should fulfill), (2) insecure code patterns (asks where the model should wa…
- Red Team Operations
- Alignment Evaluation
- LLM Evaluation
Large Language Models - Browse challenges
Explore role
Product Manager
Ship product that solves real user problems. Combine user research, prototyping, and stakeholder alignment to turn ambiguous briefs into measurable wins — the role at the centre of modern software teams.
- DesignIntermediateNew
Author an Incident Response Playbook for a Fintech Startup
Author a 4-phase playbook (Prepare, Detect & Analyze, Contain/Eradicate/Recover, Post-Incident) covering 6 incident classes: data breach, ransomware, account takeover, payment-f…
- Incident Response
- NIST Sp 800 61
- Security Governance
Information Security Management and Governance - AnalysisIntermediateNew
Anonymous Communications Threat-Model for a Whistleblower Platform
Document the current stack's threat model using the LINDDUN framework (linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-…
- Anonymous Communication
- Threat Modeling
- Tor
Privacy-Enhancing Technologies - ResearchSeniorNew
Audit a Custom Cryptographic Protocol
Read the 22-page protocol spec, the Go reference implementation (around 4,000 lines), and the test vectors. Run a structured review covering: primitive choices (which cipher, MA…
- Applied Cryptography
- Cryptographic Audit
- Protocol Analysis
Applied Cryptography - StrategySeniorNew
Run a Mock Algorithmic-Discrimination Investigation for a Hiring-Tech Vendor
As a 3-person team, design and execute a 3-week mock inquiry. Produce: (1) the demand letter you imagine the regulator sending (scope, legal basis, data requested); (2) the vend…
- Regulatory Analysis
- Algorithmic Fairness
- Ai Governance Frameworks
AI Law, Policy, and Regulation Build a verifiable portfolio.
Submissions become evidence. Reviewers with shipping experience score against a rubric; the result becomes a credential anyone can verify.
Why Ewance
- PresentationBeginnerNew
Run an Incident-Response Tabletop for a Healthtech On-Call Team
Design 3 tabletop scenarios with realistic timeline injects (every 5-10 minutes, new info arrives). Run the tabletop hybrid (in-person + remote) with the 8 on-call engineers + 2…
- Incident Response
- Tabletop Exercises
- Incident Command
Site Reliability Engineering - DesignIntermediateNew
Design SLO-Driven Alerts for a Telco's Subscriber API
Receive a 90-day RED (Rate, Errors, Duration) metrics export for the subscriber API across 6 endpoints and 38 weeks of paging history. Define an SLO per endpoint (e.g., 99.9 per…
- Slo Design
- Alerting
- Prometheus & Grafana
Software Observability - ResearchIntermediateNew
Red-Team an Image-Classification Pipeline for a Banking KYC Workflow
You receive the production image classifier as a black-box API plus a labeled validation set of 5,000 ID images. Run untargeted FGSM and PGD attacks (L_inf budget 4/255 and 8/25…
- Adversarial Attacks
- Robust Evaluation
- Red Team Operations
Trustworthy AI, Robustness, and Safety - CodeIntermediateNew
Apply Differential Privacy to a HealthTech Analytics Dashboard
Wrap the existing analytics layer with OpenDP (or Google's differential-privacy library). Implement epsilon-delta accounting: per-query Laplace noise for counts and sums, Gaussi…
- Differential Privacy
- Privacy Budget
- Python Or Javascript
Privacy-Enhancing Technologies - AnalysisIntermediateNew
Threat Model a Water-Utility SCADA Network Before a Migration
Review provided network diagrams (current and proposed), the asset inventory (around 180 PLCs (programmable logic controllers), 22 engineering workstations, 6 historian servers)…
- Threat Modeling
- Ics Security
- Scada
Cyber-Physical and Cybercrime Topics - ResearchIntermediateNew
Safety-Test a Customer-Service Agent for Adversarial Prompts
You receive a sandboxed instance of the agent (a tool-using LLM that can read account balances and open support tickets — both mocked). Design a red-team suite of at least 80 pr…
- Ai Agents
- Red Team Operations
- Adversarial Prompts
AI Agents and LLM-Based Agents - DesignSeniorNew
Design an OS-Level Side-Channel Mitigation for a Multi-Tenant Cloud
Read 3 canonical cache-side-channel papers (provided). For each attack: characterize the threat model, the required attacker capabilities, and the OS-level invariant that, if he…
- Os Security
- Side Channels
- Virtualization
Advanced Operating Systems - ResearchIntermediateNew
Red-Team Evaluation of a Refusal Policy
You receive the lab's written refusal policy (version 2.3) and a starter set of 60 red-team prompts (10 per category). Extend the set to 240 prompts (40 per category) using docu…
- Red Team Operations
- Refusal Policy
- Alignment Evaluation
Machine Learning from Human Preferences (RLHF and Alignment) - ResearchSeniorNew
Concept-Activation Vectors for an Autonomous-Vehicle Perception Audit
You receive a trained semantic-segmentation model (8 classes including pedestrian, vehicle, road, sky), an internal validation set of 2,500 driving frames, and a small concept-i…
- Tcav
- Concept Explanations
- Interpretability
Explainable and Interpretable AI - CodeBeginnerNew
Implement Authentication and Access Control for a Civic Portal
Receive the current Next.js + Express prototype, the data model (residents, requests, documents, audit log), and the 4 staff roles (resident, clerk, supervisor, auditor) with th…
- Authentication
- Authorization
- Rbac
Introduction to Computer Security - CodeBeginnerNew
Find and Exploit Web Vulnerabilities on a Capture-the-Flag Range
Receive credentials to the CTF environment, the 8 challenge specifications (each with a target endpoint and a flag to extract), and the Rails source for the vulnerable app. For …
- Web Security
- OWASP Top 10
- Penetration Testing
Introduction to Computer Security - DesignIntermediateNew
Design a Secure-by-Default IoT Device Provisioning Flow
Design end-to-end provisioning: factory bootstrap (per-device key pair burned at manufacture), installer flow (BLE-driven activation, Wi-Fi handoff), cloud-side enrollment (mTLS…
- Iot Security
- Secure Provisioning
- Mutual Tls
Cyber-Physical and Cybercrime Topics
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Related skill families
Browse all skillsIndustry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.