Joshua Oania
Reflection Paper 2
Date: 3/8/26
ODU Spring 2026
Earth Viability Center
Professor Teresa Duvall/TA Joshua Russell
Internship Reflection Paper
Over the next 50 hours, I began working on my assigned tasks. The main task I tackled was the concept of user tracking and storage in the Place4Us platform. During this time, there was no way to track user activity, nor was there a clear understanding of what we could track without violating user privacy, so I spent a lot of time researching the legality of user activity tracking on social media platforms to better understand what we can and can’t collect. As a result, I was able to develop a plan for what could be implemented and present it to the other
On that note, one of the biggest challenges I faced over the next 50 hours was determining what could and couldn’t be collected. One of the ways I was able to do that was by developing a baseline of the bare minimum required from users to keep the platform operational, both from a general and a security standpoint. Through my assessments, I found that users had an option to track their logins, which was turned off by default. At a glance, it seemed like a good security measure because users had the option to opt out of getting this particular information collected from them. However, from a security perspective, it was concerning because, should an incident such as a brute-force attack occur, there would be no way to determine that an attack happened, as that information wasn’t collected.
Another challenge I faced was determining what work had already been done to harden the platform. During the onboarding process, I was told where to find interns’ previous work, so I spent a lot of time reading through it to better understand what had already been done and avoid reinventing the wheel. I also hoped to improve and build upon their work.
I read a particular report that was very valuable. It was a comprehensive risk assessment of the platform done by a previous group of interns. During their risk assessment, they used Valor’s Top 10 Digital Security Checklist and NIST 2.0 to identify threats and vulnerabilities across the platform. And one of the things they found is that the login page is susceptible to brute-force attacks because it has a weak CAPTCHA. Based on my own assessments, I found that the CAPTCHA is only shown when signing up for the platform, which doesn’t help stop brute-force attacks (or verify that a user logging into an account is legitimate). Further assessments showed that the platform did not implement multi-factor authentication (which the previous interns had also found).
With all of that being said, I, along with another intern, worked on a presentation to share our findings with the interns and supervisors. Some of the solutions I proposed include implementing mandatory user login tracking, more specifically tracking successful and failed attempts in order to determine whether a brute-force attempt is happening. Furthermore, I proposed tracking account changes (such as email changes) and session activity (e.g., logins from a new device) to detect unauthorized modifications and unusual logins.
Overall, a lot of progress has been made in that area, and I’m looking forward to finishing up the last 50 hours of my internship with Dr. Hans-Peter.