Computer & Information Sciences
Cyber Security Challenges
Real cyber-security challenges on Ewance — assess risk, harden systems, and respond to threats the way a working security professional does. Solve them to build a portfolio of verified, recruiter-checkable proof you can do the work — not just describe it.
Recommended challenges
- AnalysisIntermediateNew
Run a Red-Team Exercise on a Cloud-Native Microservices Platform
Receive a scoped engagement letter (in-scope: 6 microservices and their CI/CD pipelines; out-of-scope: customer-data exfiltration beyond proof-of-access), the architecture diagr…
- Red Teaming
- Kubernetes Security
- Lateral Movement
Computer Systems Security - AnalysisBeginnerNew
GDPR Article 25 Privacy-By-Design Review for a HealthTech API
Review the API specification (OpenAPI 3, provided, 42 endpoints). For each endpoint: identify data categories handled (special-category health data, identifiers, traffic data), …
- GDPR
- Privacy By Design
- API Design
Privacy-Enhancing Technologies - DesignSeniorNew
Design a Confidential-Computing Architecture for a Genomics Workflow
Receive the workflow description (per-hospital genome BAM files uploaded to S3, processed by a variant-calling pipeline, results returned per-hospital), the partner-hospital leg…
- Confidential Computing
- Remote Attestation
- Secure Architectures
Computer Systems Security - CodeSeniorNew
Build a Kernel-Module Sandbox for an Untrusted Code Service
Receive the current Docker-based sandbox configuration, post-incident reports for both escapes, and the runtime requirements for Python and C++ (compilers, package availability,…
- Sandboxing
- Seccomp Bpf
- Gvisor
Computer Systems Security Practice your coursework on real scenarios.
Every challenge is shaped from real-world context — not generic exercises. The work mirrors what your degree prepares you for.
Why Ewance
- CodeSeniorNew
Build an Intrusion-Detection Rule Pack for a Manufacturing PLC Fleet
Analyze provided PCAP (packet capture) files from 3 anonymized customer sites covering normal operating windows and 2 red-team simulation windows. Implement Suricata rules for 8…
- Intrusion Detection
- Ics Security
- Suricata
Cyber-Physical and Cybercrime Topics - CodeBeginnerNew
Implement Authentication and Access Control for a Civic Portal
Receive the current Next.js + Express prototype, the data model (residents, requests, documents, audit log), and the 4 staff roles (resident, clerk, supervisor, auditor) with th…
- Authentication
- Authorization
- Rbac
Introduction to Computer Security - ResearchSeniorNew
Audit a Custom Cryptographic Protocol
Read the 22-page protocol spec, the Go reference implementation (around 4,000 lines), and the test vectors. Run a structured review covering: primitive choices (which cipher, MA…
- Applied Cryptography
- Cryptographic Audit
- Protocol Analysis
Applied Cryptography - CodeIntermediateNew
Secure the Software Supply Chain of an Open-Source SDK
Audit the current state: dependency tree, publish process, GitHub Actions workflows, signing posture. Generate an SBOM (CycloneDX format) using Syft. Run OpenSSF Scorecard and t…
- Supply Chain Security
- Slsa
- Sbom
Software Security - Browse challenges
Explore role
Product Manager
Ship product that solves real user problems. Combine user research, prototyping, and stakeholder alignment to turn ambiguous briefs into measurable wins — the role at the centre of modern software teams.
- CodeIntermediateNew
Apply Differential Privacy to a HealthTech Analytics Dashboard
Wrap the existing analytics layer with OpenDP (or Google's differential-privacy library). Implement epsilon-delta accounting: per-query Laplace noise for counts and sums, Gaussi…
- Differential Privacy
- Privacy Budget
- Python Programming
Privacy-Enhancing Technologies - DesignIntermediateNew
Design a Secure-by-Default IoT Device Provisioning Flow
Design end-to-end provisioning: factory bootstrap (per-device key pair burned at manufacture), installer flow (BLE-driven activation, Wi-Fi handoff), cloud-side enrollment (mTLS…
- Iot Security
- Secure Provisioning
- Mutual Tls
Cyber-Physical and Cybercrime Topics - AnalysisIntermediateNew
Penetration-Test the TLS Configuration of an Edge Fleet
Receive read-only access to a 50-node representative sample (anonymized). Scan with testssl.sh + Qualys SSL Labs (where reachable) + a custom Go tool you write to test specific …
- Tls
- Applied Cryptography
- Penetration Testing
Applied Cryptography - AnalysisIntermediateNew
Privacy-by-Design Review for a Smart-City Data Platform
Map the new module's end-to-end data flow (sensors -> ingestion -> analytics -> dashboards -> exports). Run a Privacy Impact Assessment against OECD privacy principles + per-ten…
- Privacy By Design
- Privacy Regulation
- Compliance
Information Security Management and Governance Build a verifiable portfolio.
Submissions become evidence. Reviewers with shipping experience score against a rubric; the result becomes a credential anyone can verify.
Why Ewance
- CodeIntermediateNew
Fuzz a Memory-Unsafe Image-Parsing Library
Identify 3 critical parser entry points (DICOM dataset parser, JPEG 2000 decoder, TIFF directory parser) and write a libFuzzer harness + an AFL++ harness for each. Build with AS…
- Fuzzing
- Memory Safety
- Address Sanitizer
Software Security - CodeSeniorNew
Implement Threshold Signatures for a Multi-Sig Custody Service
Read the FROST IETF draft (draft-irtf-cfrg-frost) and the underlying Schnorr signature scheme on the secp256k1 curve. Implement the FROST distributed key generation (DKG) and 3-…
- Applied Cryptography
- Threshold Signatures
- Rust
Applied Cryptography - DesignSeniorNew
Design an End-to-End Encrypted Messaging Protocol
Read the Signal protocol specifications (X3DH, Double Ratchet) and the team's current architecture (server-stored unencrypted messages). Design an E2EE protocol covering: identi…
- Applied Cryptography
- Protocol Design
- Rust
Applied Cryptography - DesignIntermediateNew
Detection Engineering for Cloud DDoS Against a Public-Sector Portal
Receive sanitized logs from the 2 prior incidents (CloudFront, ALB, WAF) and the current AWS architecture. Design: 6 Sigma detection rules (mix L7 floods, slow-POST, low-rate di…
- Ddos Defense
- Detection Engineering
- Waf
Network Security - AnalysisBeginnerNew
Audit Encryption Choices for an E-Commerce Checkout Stack
Receive the architecture diagram (Next.js on Vercel, PostgreSQL on a managed service, Stripe-equivalent processor, Redis sessions), the TLS configurations for each public endpoi…
- Cryptography
- Tls
- Pci Dss
Introduction to Computer Security - CodeSeniorNew
Reverse-Engineer and Patch an N-Day Vulnerability in a Vendor Binary
Receive the vulnerable binary (Linux ELF, x86-64), the public CVE-2025-XXXX advisory + PoC, and the bank's deployment context (RHEL 9, the binary runs as a non-root service). Lo…
- Reverse Engineering
- Binary Exploitation
- Ghidra
Computer Systems Security - DesignIntermediateNew
Author an Incident Response Playbook for a Fintech Startup
Author a 4-phase playbook (Prepare, Detect & Analyze, Contain/Eradicate/Recover, Post-Incident) covering 6 incident classes: data breach, ransomware, account takeover, payment-f…
- Incident Response
- NIST Sp 800 61
- Security Governance
Information Security Management and Governance - AnalysisIntermediateNew
Network Privacy Posture Review of a Fintech's Internal Service Mesh
Receive an anonymized service inventory (110 services with owner, data classification, traffic volume buckets) and a sample of east-west traffic logs (5 high-volume service pair…
- Network Privacy
- Mtls
- Service Mesh
Network Security - DesignBeginnerNew
Vendor-Security Review Program for a Series-C SaaS
Design a 3-tier TPRM framework (critical / important / low-risk) with explicit classification criteria (data type, integration depth, downtime impact, regulatory scope). For eac…
- Third Party Risk
- Security Governance
- Compliance
Information Security Management and Governance - ResearchBeginnerNew
Cybercrime-Economy Brief for an Anonymized Insurance Underwriter
Synthesize open-source intelligence from CISA advisories, public vendor reports (CrowdStrike, Mandiant, Recorded Future), darknet-market trackers, and the Ransomware Live tracke…
- Threat Intelligence
- Cybercrime Economy
- Ransomware
Cyber-Physical and Cybercrime Topics - CodeBeginnerNew
Find and Exploit Web Vulnerabilities on a Capture-the-Flag Range
Receive credentials to the CTF environment, the 8 challenge specifications (each with a target endpoint and a flag to extract), and the Rails source for the vulnerable app. For …
- Web Security
- OWASP Top 10
- Penetration Testing
Introduction to Computer Security - CodeBeginnerNew
Build a Secure-Coding Linter Ruleset for a Backend Team
Receive the last 12 security-review findings, 3 representative repos (Node.js + TypeScript), and access to a CI pipeline (GitHub Actions). Build a custom Semgrep ruleset (or ESL…
- Secure Coding
- Static Analysis
- Semgrep
Introduction to Computer Security
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Industry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.



















































































