Security Test Auditor
HTTP/HTTPS Intercepting proxy server with analysis tools to highlight security vulnerabilities
  • 2014-09-01
  • C#
  • Security
  • .Net Framework
  • About the Competition

    The 'Best of Britain Programming Competition' is aimed at showcasing the top Computer Science students in the UK (TechSpark). Hosted by Netcraft Ltd, participants had the abilitiy to pick a project to develop, either individually or as a group, that will improve/refine an existing service offered by the company. Netcraft provides internet security services including anti-fraud and anti-phishing services, application testing and PCI scanning. The competition is open to top performing students at universities including Bath, Bristol, Cambridge, Oxford, Southampton and more.

    My Solution

    The project I chose to work on primarily focused on aiding a security tester during the testing process by recording/storing all network communication, taking screenshots at configurable intervals, providing analysis tools to highlight potential security vulnerabilities and being able to retrieve all the data at another time. The system was also required to work non-intrusively for up to 4 weeks without interruption. The features I included are as follows:

    The main view, showing captured HTTP requests.
    Rules can be created for matching particular content.
    Filters can be created to look for security vulnerabilities.
    Detailed view of a request.
    Historical reports of a session can be viewed.
    Screenshots can be taken at regular intervals.
    Screenshots are linked to the closest HTTP request.