
iSchool Capstone

2024


Open-DevSecOps

Many students entering the software industry are unprepared for the newest expectations of entry-level roles, where understanding security and efficient operations is the bare minimum at every phase of the software development lifecycle. The "Open-DevSecOps" project addresses this significant gap in education concerning DevSecOps and CI/CD principles. Our extensively researched online modules aim to offer a free educational service to enhance the understanding and application of these crucial skills. This project strives to provide essential up-to-date training, and shape the security industry's future for the better starting with every new-grad employee.

PII Safeguard - A PII Discovery/Redaction Browser Extension Tool

PII Safeguard is a Chrome browser extension tool designed to enhance data security by discovering, identifying, and redacting personally identifiable information (PII) across different files to protect sensitive information. By using a prototype designed in Figma that outlines the tool’s user interface and user interaction workflows, and leveraging a backend that's built with Python, the browser extension scans inputted files to detect over 40 different categories including financial, personal, and security entities. This software tool aids users in managing and securing sensitive PII, ensuring compliance with privacy standards and reducing the potential risk of data breaches.

Smartsheet: Streamlining Identity Access Management

Smartsheet faces challenges in conducting efficient and accurate user access reviews for federal regulation (SOX). The current reviewing process is time-consuming, error-prone, and poses security risks. Our team designed and developed an automated solution that streamlines user access review sheets, flags unauthorized accounts, and tracks KPIs. We also created a centralized data dictionary, providing managers with clear insights into user access and risks. Our solution has saved over 800 billable hours annually, optimized access reviews, enhanced compliance efforts and reduced security risks.

The State of Internet Privacy - Blacklight Archiver

Our project seeks to augment the existing Blacklight tool to enable users to compare current and previous ‘scans’ for a website, so that users are cognizant of how companies manage their data and are better equipped to take steps to secure it. The Blacklight Archiver, a product of tech publication The Markup, enables users to easily track online surveillance. By providing users with point-in-time comparisons of cookie-based website trackers, Blacklight users are able to see which websites are the largest surveillance offenders. This publicly-available product is useful to journalists and consumers alike.

Vedette: Streamlining Bug Report Deduplication For Google's Android Security

Duplicate bug reports are time-consuming for Google’s Android Cybersecurity Analysts and external Bug Reporters. 90% of submitted bug reports are unactionable, with many being duplicates. Enter Vedette, an AI-driven addition to Google’s existing Vulnerability Rewards Program Platform. Vedette grants Bug Reporters insight into the similarity of their proposed report to ones submitted by other reporters in the past, offering curated report comparisons that examine key threat attributes. By providing real-time deduplication assistance, Vedette helps Bug Reporters make informed reporting decisions, saving themselves and Google Security Analysts time and energy to focus on investigating novel security threats.

2023


PenSec - Cybersecurity Education for Students and Small Businesses

Cybersecurity is a field that has seen an incredible amount of growth in the last decade. PenSec is an educational platform for students and small businesses looking to expand their knowledge within cybersecurity, more specifically within penetration testing. While most people are aware of the implications a weak cybersecurity infrastructure can have, they are unaware of where to begin. Through PenSec, we aim to allow people to gain an insight into penetration testing and provide them with resources to further their interest in cybersecurity.

Automatic Privacy Notice Checker

The Washington State Department of Licensing (DOL) currently evaluates manually the privacy notices of its data recipients, who collect information about state residents for business purposes. This process is time-intensive, inconsistent, and prone to human error. Our team developed an Automated Privacy Notice Checker (APNC) tool to address these concerns. APNC assesses these privacy notices based on defined baseline requirements and highlights the areas where these data recipients are non-compliant with the DOL standards. Our solution makes the entire process more consistent, quick and data-driven. With improved efficiency, our tool empowers the DOL in securing the data of Washington State residents.

CyberDawgs: Uplifting Security Programs Through AI

Cybersecurity attacks are becoming increasingly complex, making it challenging for many cybersecurity professionals to identify and respond to threats in a timely manner. Our sponsor, KPMG, aims to develop new cybersecurity tools that use machine learning (ML) and artificial intelligence (AI) to identify more risks and facilitate better risk-based decisions. CyberDawgs is an ML-based dashboard that helps identify suspicious user activity at scale by analyzing login patterns targeted by attackers across multiple features and entities. By analyzing large volumes of data quickly and providing real-time insights, CyberDawgs can enable cybersecurity professionals to respond to threats more effectively.

Digital Safety in the Metaverse

In this project, we identified potential digital safety concerns in the metaverse based on current trends in Web 2.0. We first developed three use cases in the healthcare, social, and entertainment sectors with specific scenarios. Then we identified current compensating controls to propose mitigation strategies for each risk in all three scenarios. Lastly, we categorised common risk categories to inform areas of concern and potential impact in the metaverse for general users.

NOVA - An AI Powered NIST CSF Education And Management Tool

Small to medium-sized companies face a significant challenge, as they are disproportionately targeted for cybersecurity threats and data breaches. To address this issue, we have developed Nova, an easy-to-use, effective, and affordable chatbot. The impact of Nova is twofold: it empowers clients to navigate and implement the NIST framework, address their cybersecurity needs, and educate themselves through tailored guidance.