Computer & Information Sciences
Cyber Security Challenges
Real cyber-security challenges on Ewance — assess risk, harden systems, and respond to threats the way a working security professional does. Solve them to build a portfolio of verified, recruiter-checkable proof you can do the work — not just describe it.
Recommended challenges
- DesignSeniorNew
Design an End-to-End Encrypted Messaging Protocol
Read the Signal protocol specifications (X3DH, Double Ratchet) and the team's current architecture (server-stored unencrypted messages). Design an E2EE protocol covering: identi…
- Applied Cryptography
- Protocol Design
- Systems Language Proficiency (Go, Rust, C++)
Applied Cryptography - DesignSeniorNew
Design a Confidential-Computing Architecture for a Genomics Workflow
Receive the workflow description (per-hospital genome BAM files uploaded to S3, processed by a variant-calling pipeline, results returned per-hospital), the partner-hospital leg…
- Confidential Computing
- Remote Attestation
- Secure Architectures
Computer Systems Security - AnalysisIntermediateNew
Penetration-Test the TLS Configuration of an Edge Fleet
Receive read-only access to a 50-node representative sample (anonymized). Scan with testssl.sh + Qualys SSL Labs (where reachable) + a custom Go tool you write to test specific …
- Tls
- Applied Cryptography
- Penetration Testing
Applied Cryptography - CodeIntermediateNew
Static Analysis SAST Rollout on a Fintech Codebase
Run baseline scans with Semgrep + SonarQube + Snyk Code across all 18 services. Triage the initial findings (likely 800-1,500 raw alerts) into true-positive / false-positive / i…
- Sast
- Semgrep
- Sonarqube
Software Security Develop in-demand professional skills.
Each challenge names the skills it strengthens. Over time, your profile fills with the competences a hiring manager would actually look for.
Why Ewance
- CodeIntermediateNew
Implement Federated Learning for a Government Statistics Office
Use Flower as the FL framework. Simulate 8 municipalities each with a partition of a synthetic wage dataset (provided, 1M rows, EU-Labour-Force-Survey schema). Train a gradient-…
- Federated Learning
- Differential Privacy
- Python Or Javascript
Privacy-Enhancing Technologies - CodeSeniorNew
Reverse-Engineer and Patch an N-Day Vulnerability in a Vendor Binary
Receive the vulnerable binary (Linux ELF, x86-64), the public CVE-2025-XXXX advisory + PoC, and the bank's deployment context (RHEL 9, the binary runs as a non-root service). Lo…
- Reverse Engineering
- Binary Exploitation
- Ghidra
Computer Systems Security - AnalysisIntermediateNew
GDPR + AI Act Compliance Assessment for an HR-Tech Vendor
Audit the candidate-screening product against: GDPR Articles 5, 6, 13, 14, 22, 25, 32, 35; AI Act high-risk-system obligations (Annex III - employment); plus the customer's spec…
- Compliance
- Privacy Regulation
- GDPR
Information Security Management and Governance - DesignBeginnerNew
Vendor-Security Review Program for a Series-C SaaS
Design a 3-tier TPRM framework (critical / important / low-risk) with explicit classification criteria (data type, integration depth, downtime impact, regulatory scope). For eac…
- Third Party Risk
- Security Governance
- Compliance
Information Security Management and Governance - Browse challenges
Explore role
Strategy Analyst
Frame the business question, model the options, build the recommendation. From market sizing to competitive analysis, this role is where strategy consulting meets in-house decision-making.
- CodeSeniorNew
Build an Intrusion-Detection Rule Pack for a Manufacturing PLC Fleet
Analyze provided PCAP (packet capture) files from 3 anonymized customer sites covering normal operating windows and 2 red-team simulation windows. Implement Suricata rules for 8…
- Intrusion Detection
- Ics Security
- Suricata
Cyber-Physical and Cybercrime Topics - CodeSeniorNew
Implement Threshold Signatures for a Multi-Sig Custody Service
Read the FROST IETF draft (draft-irtf-cfrg-frost) and the underlying Schnorr signature scheme on the secp256k1 curve. Implement the FROST distributed key generation (DKG) and 3-…
- Applied Cryptography
- Threshold Signatures
- Systems Language Proficiency (Go, Rust, C++)
Applied Cryptography - DesignIntermediateNew
Detection Engineering for Cloud DDoS Against a Public-Sector Portal
Receive sanitized logs from the 2 prior incidents (CloudFront, ALB, WAF) and the current AWS architecture. Design: 6 Sigma detection rules (mix L7 floods, slow-POST, low-rate di…
- Ddos Defense
- Detection Engineering
- Waf
Network Security - CodeIntermediateNew
Fuzz a Memory-Unsafe Image-Parsing Library
Identify 3 critical parser entry points (DICOM dataset parser, JPEG 2000 decoder, TIFF directory parser) and write a libFuzzer harness + an AFL++ harness for each. Build with AS…
- Fuzzing
- Memory Safety
- Address Sanitizer
Software Security Get recognized by recruiters and employers.
Credentials are blockchain-anchored via LearnCoin — tamper-evident, portable, link-shareable on LinkedIn and beyond.
Why Ewance
- AnalysisIntermediateNew
Secure-by-Design Review of a Microservices Auth Subsystem
Read the 18-page proposed auth-service design (Next.js BFF, FastAPI auth-service, Postgres for sessions + refresh, Redis for short-lived tokens, integration with Auth0 for OIDC)…
- Secure Design
- OWASP Asvs
- Oauth2
Software Security - AnalysisSeniorNew
Forensic Reconstruction of an Anonymized Energy-Grid Incident
Triage the artifacts using a timeline-first methodology. Build a unified timeline across syslog, historian, firewall, and disk-image artifacts (Plaso super-timeline). Identify c…
- Digital Forensics
- Incident Response
- Ics Security
Cyber-Physical and Cybercrime Topics - AnalysisIntermediateNew
Privacy-by-Design Review for a Smart-City Data Platform
Map the new module's end-to-end data flow (sensors -> ingestion -> analytics -> dashboards -> exports). Run a Privacy Impact Assessment against OECD privacy principles + per-ten…
- Privacy By Design
- Privacy Regulation
- Compliance
Information Security Management and Governance - CodeBeginnerNew
Implement Authentication and Access Control for a Civic Portal
Receive the current Next.js + Express prototype, the data model (residents, requests, documents, audit log), and the 4 staff roles (resident, clerk, supervisor, auditor) with th…
- Authentication
- Authorization
- Rbac
Introduction to Computer Security
How it works
From brief to credential, in six steps.
Step 01
Browse challenges aligned to your studies.
Step 02
Accept the one that fits your goals.
Step 03
Work through it with AI Copilot guidance.
Step 04
Submit for structured evaluation.
Step 05
Earn a verified credential.
Step 06
Add it to LinkedIn with one click.
Industry teams behind a decade of practitioner briefs
Hiring from this pool?
Sponsor a challenge and meet candidates through actual work.
Industry teams can shape briefs around the skills they hire for, then evaluate students on rubric-scored deliverables — not resumes.