School of
Information Technology and Electrical Engineering

Three teams from The University of Queensland’s Cyber Squad got a glimpse into the dark world of cyber attacks last week when they participated in the Shearwater Application Security Hackathon.

The Hackathon is a hands-on, nation-wide security challenge designed to provide students, software developers, and IT security professionals with a deeper understanding of cyber attacks and web application security.

This year’s challenge, InstaFriends, was comprised of a real social media website with simulated traffic and technologies, and vulnerabilities that represented actual application behaviours.

Participants were tasked with viewing the application through the eyes of a rogue adversary, quickly learning and applying hacking techniques in a testing environment while attempting to find and exploit 55 vulnerabilities and crypto-challenges intentionally built into the application.

Participants were able to post to another’s timeline without permission, escalate to admin privileges and change another user’s privacy settings.

Teams from UQ’s Cyber Squad battled 95 teams nationally, with all of the UQ teams putting in a strong performance, and students Haoxi Tan, Richard Li, Tim Kallioinen and Thomas Malcolm taking out first place on the day.

This is the first time that the UQ Cyber Squad has competed in this unique style of training event.

Winning team member, Bachelor of IT student, Haoxi Tan said the mixed skillset of the team and the high level of communication and collaboration between members set them apart from their competitors.

“We learned how to thoroughly catalogue vulnerabilities on a web application. Knowing just one of each kind of vulnerability was not enough; there were instances of the same issue repeated all throughout the app we tested. 

“Taking part in the competition made me more excited about finding some of the same issues in real world web applications. I think I would find the challenge fun and very rewarding.”

UQ launched the most comprehensive interdisciplinary Master of Cyber Security program in Australia in 2019. For more information about the program, please visit the UQ Future Students website.