Computer & Information Sciences
Cyber Security Challenges
Real cyber-security challenges on Ewance — assess risk, harden systems, and respond to threats the way a working security professional does. Solve them to build a portfolio of verified, recruiter-checkable proof you can do the work — not just describe it.
Recommended challenges
- DesignIntermediateNew
Intrusion Detection at the Edge for a Tier-1 Auto Supplier's OT Network
Receive an anonymized network diagram for 1 plant, sample pcap (packet capture) traffic of Modbus + OPC UA + PROFINET flows, and a list of 10 known OT attack scenarios from MITR…
- Intrusion Detection
- Ot Security
- Zeek
Network Security - ResearchSeniorNew
Audit a Custom Cryptographic Protocol
Read the 22-page protocol spec, the Go reference implementation (around 4,000 lines), and the test vectors. Run a structured review covering: primitive choices (which cipher, MA…
- Applied Cryptography
- Cryptographic Audit
- Protocol Analysis
Applied Cryptography - AnalysisIntermediateNew
Build a Risk Register for a Cross-Border Healthcare Provider
Run 8 structured interviews (CISO, IT director, clinical-systems lead, DPO, 4 clinic managers) to surface the top risk candidates. Map each risk against NIST SP 800-30 (threat s…
- Risk Management
- NIST Sp 800 30
- Security Governance
Information Security Management and Governance - CodeIntermediateNew
Apply Differential Privacy to a HealthTech Analytics Dashboard
Wrap the existing analytics layer with OpenDP (or Google's differential-privacy library). Implement epsilon-delta accounting: per-query Laplace noise for counts and sums, Gaussi…
- Differential Privacy
- Privacy Budget
- Python Or Javascript
Privacy-Enhancing Technologies Practice your coursework on real scenarios.
Every challenge is shaped from real industry context — not generic exercises. The work mirrors what your degree prepares you for.
Why Ewance
- AnalysisBeginnerNew
GDPR Article 25 Privacy-By-Design Review for a HealthTech API
Review the API specification (OpenAPI 3, provided, 42 endpoints). For each endpoint: identify data categories handled (special-category health data, identifiers, traffic data), …
- GDPR
- Privacy By Design
- REST API Design
Privacy-Enhancing Technologies - StrategySeniorNew
TLS and PKI Migration to Post-Quantum for a Cross-Border Bank
Receive an anonymized TLS inventory (endpoint, current cipher suite, TLS version, certificate issuer, last rotation, business criticality) and the bank's PKI hierarchy. Score en…
- Tls
- Pki
- Post Quantum Cryptography
Network Security - CodeIntermediateNew
Harden a Linux Container Runtime Against Privilege Escalation
Receive the pen-test report (with attack chain), the current cluster config (EKS 1.29, default Amazon Linux 2023 worker nodes), and 3 representative workload classes (web API, a…
- Os Security
- Linux Hardening
- Apparmor
Computer Systems Security - AnalysisIntermediateNew
Network Privacy Posture Review of a Fintech's Internal Service Mesh
Receive an anonymized service inventory (110 services with owner, data classification, traffic volume buckets) and a sample of east-west traffic logs (5 high-volume service pair…
- Network Privacy
- Mtls
- Service Mesh
Network Security - Browse challenges
Explore role
Product Manager
Ship product that solves real user problems. Combine user research, prototyping, and stakeholder alignment to turn ambiguous briefs into measurable wins — the role at the centre of modern software teams.
- DesignIntermediateNew
Threat Model a HealthTech Patient-Portal Web App
Read the 25-page redesign architecture document (auth via Clerk, Next.js front-end, FastAPI backend, Postgres, S3 for documents, webhook integration with EMRs). Build data-flow …
- Threat Modeling
- STRIDE
- Secure Design
Software Security - AnalysisBeginnerNew
Threat-Model a Patient-Intake Web App for a Telemedicine Startup
Receive the architecture diagram (Next.js front-end, Node.js API, PostgreSQL, S3 for ID-photo uploads, Clerk for auth), the data-flow description for patient intake, and the SOC…
- Threat Modeling
- STRIDE
- Risk Assessment
Introduction to Computer Security - CodeIntermediateNew
Secure the Software Supply Chain of an Open-Source SDK
Audit the current state: dependency tree, publish process, GitHub Actions workflows, signing posture. Generate an SBOM (CycloneDX format) using Syft. Run OpenSSF Scorecard and t…
- Supply Chain Security
- Slsa
- Sbom
Software Security - DesignIntermediateNew
Design a Secure-by-Default IoT Device Provisioning Flow
Design end-to-end provisioning: factory bootstrap (per-device key pair burned at manufacture), installer flow (BLE-driven activation, Wi-Fi handoff), cloud-side enrollment (mTLS…
- Iot Security
- Secure Provisioning
- Mutual Tls
Cyber-Physical and Cybercrime Topics Build a verifiable portfolio.
Submissions become evidence. Reviewers with shipping experience score against a rubric; the result becomes a credential anyone can verify.
Why Ewance
- CodeSeniorNew
Build a Kernel-Module Sandbox for an Untrusted Code Service
Receive the current Docker-based sandbox configuration, post-incident reports for both escapes, and the runtime requirements for Python and C++ (compilers, package availability,…
- Sandboxing
- Seccomp Bpf
- Gvisor
Computer Systems Security - CodeIntermediateNew
Implement Authenticated Encryption for a Document Service
Design the envelope-encryption hierarchy: customer Key Encryption Key (KEK) held in AWS KMS (Key Management Service), Data Encryption Keys (DEKs) wrapped per document. Use AES-2…
- Applied Cryptography
- Aead
- Key Management
Applied Cryptography - CodeBeginnerNew
Find and Exploit Web Vulnerabilities on a Capture-the-Flag Range
Receive credentials to the CTF environment, the 8 challenge specifications (each with a target endpoint and a flag to extract), and the Rails source for the vulnerable app. For …
- Web Security
- OWASP Top 10
- Penetration Testing
Introduction to Computer Security - ResearchBeginnerNew
Cybercrime-Economy Brief for an Anonymized Insurance Underwriter
Synthesize open-source intelligence from CISA advisories, public vendor reports (CrowdStrike, Mandiant, Recorded Future), darknet-market trackers, and the Ransomware Live tracke…
- Threat Intelligence
- Cybercrime Economy
- Ransomware
Cyber-Physical and Cybercrime Topics - AnalysisIntermediateNew
Run a Red-Team Exercise on a Cloud-Native Microservices Platform
Receive a scoped engagement letter (in-scope: 6 microservices and their CI/CD pipelines; out-of-scope: customer-data exfiltration beyond proof-of-access), the architecture diagr…
- Red Team Operations
- Kubernetes Security
- Lateral Movement
Computer Systems Security - AnalysisIntermediateNew
Anonymous Communications Threat-Model for a Whistleblower Platform
Document the current stack's threat model using the LINDDUN framework (linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-…
- Anonymous Communication
- Threat Modeling
- Tor
Privacy-Enhancing Technologies - DesignIntermediateNew
Author an Incident Response Playbook for a Fintech Startup
Author a 4-phase playbook (Prepare, Detect & Analyze, Contain/Eradicate/Recover, Post-Incident) covering 6 incident classes: data breach, ransomware, account takeover, payment-f…
- Incident Response
- NIST Sp 800 61
- Security Governance
Information Security Management and Governance - CodeSeniorNew
Build a Secure Multi-Party Computation Demo for Cross-Bank Fraud Detection
Pick MP-SPDZ as the MPC framework. Build a 4-party demo computing two protocols: (1) private set intersection of suspicious-account IDs across banks, (2) joint aggregate (count …
- Secure Computation
- Mpc
- Cryptography
Privacy-Enhancing Technologies - CodeBeginnerNew
Build a Secure-Coding Linter Ruleset for a Backend Team
Receive the last 12 security-review findings, 3 representative repos (Node.js + TypeScript), and access to a CI pipeline (GitHub Actions). Build a custom Semgrep ruleset (or ESL…
- Secure Coding
- Static Analysis
- Semgrep
Introduction to Computer Security - AnalysisIntermediateNew
Threat Model a Water-Utility SCADA Network Before a Migration
Review provided network diagrams (current and proposed), the asset inventory (around 180 PLCs (programmable logic controllers), 22 engineering workstations, 6 historian servers)…
- Threat Modeling
- Ics Security
- Scada
Cyber-Physical and Cybercrime Topics - AnalysisBeginnerNew
Audit Encryption Choices for an E-Commerce Checkout Stack
Receive the architecture diagram (Next.js on Vercel, PostgreSQL on a managed service, Stripe-equivalent processor, Redis sessions), the TLS configurations for each public endpoi…
- Cryptography
- Tls
- Pci Dss
Introduction to Computer Security - AnalysisBeginnerNew
Wireless Security Audit and Hardening for a Telco's Public Wi-Fi
Receive a sampled audit set: AP configurations for 80 sites (vendor mix, current encryption, EAP — Extensible Authentication Protocol — method, captive-portal config). Run analy…
- Wireless Security
- Wpa3
- Eap
Network Security
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Industry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.