Cyber Security Awareness Week 2007

Pitney Bowes Challenge

The Pitney Bowes Challenge has always been one of the more interesting and tough contests of CSAW. Binary analysis, protocol analysis, and reverse engineering are some of the skills that might be needed to complete the challenge. This year, the contest will be related to e-commerce and its security issues (e.g. the security of customer information).

You can now start solving this challenge!

Dates
Nov 16 - start: files are posted at 00:00:01 am.
Nov 19 - end: entries are due at 23:59:59 pm.

Description
Neweggmazon has grown from a small garage store to a larger mail order company. The founding owner, Bob Loblaw, has been ecstatic with the success of his company. Since the beginning of the company's operation, Bob has been using custom software written by a local consultant. It consists of a database back-end and a web layer for order entry. Orders may be placed either by call center employees who take phone orders, or by the customers themselves over the Internet. Lately, Bob has been feeling that something isn't quite right with the record keeping - some things just do not seem to add up, but he can't figure out what or who to suspect. Since Bob doesn't know much about computer and information security, he is thinking that he will have to ask someone else to look through the architecture and implementation of the system for any possible flaws. Even though Bob's company is growing fast, he doesn't have the money that those hotshot security consultants are asking for, and figures that he will propose it as a challenge to local college students. Bob hopes that someone will be able to spot any weaknesses that might exist in his application. For now, he will just share the database schema, along with a small amount of data from his customers. Maybe at a later date Bob will get the courage to share the web application code as well for analysis, but for the time being, he is interested in what the students might be able to find out from the database alone. The success and future of Neweggmazon rely on you!

Objective
Perform a security analysis of the information provided. This might be more difficult than usual as you will not be provided any source code of the web application that utilizes these tables. Feel free to use some speculation on how the web application might interact with the database. Compile your analysis into a report describing the vulnerabilities, types of attack, and risks posed to Neweggmazon's business. The report will be judged on the number of potential vulnerabilities and attacks found and the understanding of risks to Neweggmazon. In the event that two reports are too close to differentiate, the one that was submitted first will break the tie.

Contest Type
Individual. This contest can be done remotely. However, all finalists are required to attend the award ceremony on December 4th at Polytechnic University where the prize winners will be announced. Students who need to travel more than 100 miles will be given a lump-sum scholarship to offset their travel costs.

Submission
Address your questions and submit your reports to csaw@isis.poly.edu.

Prizes
  • 1st Place: $500
  • 2nd Place: $250
  • 3rd Place: $100

Pitney Bowes Finalists
  • Mergim Cahani, Polytechnic University, College Graduate
  • Aleksey Fateev, Polytechnic University, College Undergrad
  • Joseph Ceirante, Polytechnic University, College Undergrad
  • Adam Macejak, Polytechnic University, College Graduate
  • Caleb Loverro, SUNY Binghamton, College Undergrad
  • Abhay Nayak, Polytechnic University, College Graduate
  • Royce Corley, Polytechnic University, College Undergrad
  • Paul Capitini, Rutgers University, College Undergrad
  • Tim Vidas, Naval Postgrad School, College Graduate
  • Kapo Li, Queens College, College Graduate

2007 Winners
  • 1st Place: Tim Vidas (Submission)
  • 2nd Place: Aleksey Fateev (Submission)
  • 3rd Place: Caleb Loverro (Submission)