331 - Network and Web Security - 2020

Table of Contents


  • The 2020 edition of the course is over. We hope you enjoyed learning about network and web security.

Hall of Fame

  • Netcraft 331 Prizes
    • Also this year Netcraft sponsored awards for the top 10 performers in the exam (an Amazon voucher worth GBP 250)
    • The winners of the 2020 edition were: Zak Cutner, Daniel Hails, Hadrian Lim Wei Heng, Fraser May, Alexander Nielsen, Giovanni Passerello, Matthew Pull, Ethan Sarif-Kattan, Marco Selvatici, Sebastian Reuter
    • The winners of the 2019 edition were: Jordan Spooner, Teodor Begu, Thomas Pointon, William Seddon, Niklas Vangerow, Lorenzo Silvestri, Pablo Gorostiaga-Belio, Giorgos Gavriil, Olivier Roques, Aurel Bily
  • 331 Bug Bounty
    • Kelvin Zhang reported an authentication vlunerability in https://play.mtn.co.za/ to HackerOne, and got credited for it
  • 331 Ofuscation Bounty
    • Winners: James Williams, Marco Selvatici
    • Runner ups: Tristan Nemoz, Robert Jin, James Dalboth and Anonymous



  • Office hours: Thursday 5:00pm-7:00pm, Hux 441.
  • Please post your questions on our Piazza page!
    • Other students may benefit from your questions, or may know the answer.
    • We will do our best to answer any remaining questions quickly.
  • We will have some in-class demos. You are welcome to bring your laptop if you want to be hands-on.
  • Preliminary slides will be available on materials the day before the lecture.
    • Revised slides may be uploaded at a later stage.
  • Suggested reading will be pointed out during the lectures and then posted on this page.
  • Timetable:
    • Mon 2pm-3pm Hux 311 (lecture)
    • Mon 3pm-4pm Hux 219 (lab)
    • Thu 2pm-4pm Hux 311 (lecture)
  • This course is not be recorded on Panopto.
  • For external students: the registration link is here


  • Assessed coursework
    • The exercise started on 17/2.
    • The deadline for online submission on Answerbook was on 28/2.
    • Marks and personalised feedback were provided by email on 2/3.
  • Exam
    • Covid-19 special arrangements: see Announcements at the top of the page, and read relevant posts on Piazza.




sergio.jpg Sergio Maffeis. Sergio is a senior lecturer in Computer Security at Imperial. He received his Ph.D. from Imperial and his MSc from University of Pisa, Italy. Maffeis' research interests include security, formal methods, and programming languages. His recent work focuses on the application of formal methods to web security. You can find out more from his home page.

Guest Lecturers

marco.jpg Marco Cova. Marco is a senior security researcher and a member of the founding team of Lastline, a company providing anti-malware solutions. Before defecting to industry, he was a Lecturer in Computer Security with the School of Computer Science, University of Birmingham. He has received his PhD from the University of California, Santa Barbara.

kuan.jpg Kuan Hon. Dr W Kuan Hon (MA(Cantab), LLM(UPenn), MSc & DIC Computing Science (Imperial), LLM(QMUL), joint law/computer science PhD(QMUL)) is a Director with the Privacy, Security & Information Law team at international law firm Fieldfisher, specialising in data protection/security law particularly in the context of cloud computing and other emerging technologies. An Editor of the Encyclopedia of Data Protection and Privacy, volunteer with the UK Information Commissioner's Office and previously a member of the British Computer Society's Information Privacy Expert Panel, Kuan has been invited to present for ENISA, the Cloud Security Alliance, CERN and UK government departments as well as technology industry conferences. Kuan's book Data Localization Laws and Policy argues for a focus on security over geographic data location. She was lead author of eight chapters of Cloud Computing Law.

charlie.jpg Charlie Hothersall-Thomas. Charlie graduated in 2014 with a BEng in Computing from Imperial College London, and currently works for Netcraft in Bath. His technical expertise includes web security, TLS and PKI, Linux system administration, Bitcoin, and Tor. He started BrowserAudit as his final year project at Imperial.

joseph.jpg Joseph Katsioloudes. Joseph is a Security Consultant at IBM. He previously obtained an MSc in Cyber Security Engineering from the University of Warwick and an MEng in Computing from Imperial College London. His experience in security stems from summer internships and own initiatives to problem-solve. Highlights include the disclosure of a zero-day vulnerability for a top ten cryptocurrency during his final year at Imperial College, the GCHQ security accreditation, software contributions to open-source tools and advanced attack simulations.

Graduate Teaching Assistants

almuthanna.jpg Almuthanna Alageel. Almuthanna is a PhD student from Imperial under the supervision of Dr. Maffeis. Before joining Imperial he was a cyber security consultant at KACST. He received his MSc from the University of Colorado at Denver, and his BSc from King Saud University. Almuthanna is working on detecting evasive APT campaigns.

aaron.jpg Zhongyuan "Aaron" Hau. Aaron is a PhD student from Imperial under the supervision of Dr. Lupu, working on anomaly detection. He received his M.Sc Computing Science from Imperial College London.

mohamad.png Mohamad Hazim. Hazim is a PhD student from Imperial under the supervision of Dr. Maffeis. He received his MCompSc from the University of Malaya, Malaysia. His research interests include computer security and artificial intelligence. Hazim is currently working on software vulnerability detection using machine learning.

giulio.png Giulio Zizzo. Giulio is a PhD student at Imperial working on deep learning based intrusion detection for industrial control systems, under the supervision of Prof Hankin.