Featured, Programming, Projects
10 Security Project Ideas for Final Year
Ten concrete project ideas in information security and ethical hacking. Each one is scope-able as a final year dissertation or a master's thesis, and each sits in a domain where real-world impact is easy to demonstrate.
Why Information Security Makes a Strong Final Year Project
Examiners want scope that is bounded but meaningful. Security projects tick both boxes. The threat surface is well-documented, the tooling is open-source, and a working proof-of-concept speaks louder than a literature review. Pick one of the ideas below, narrow the scope to a single attack vector or integration target, and you have a defensible project.
10 Project Ideas in Information Security and Ethical Hacking
1. Integrate Second Factor Authentication into an Existing Framework
Latch is an open second-factor authentication (2FA) technology. Existing open-source integrations cover PrestaShop, WordPress, PHPMyAdmin, PHPBB, Open-Xchange, OpenLDAP, and RoundCube. Dozens of popular frameworks still lack a plugin.
Pick one unintegrated framework such as phpLDAPadmin, Horde, or cPanel. Study the source of an existing Latch plugin to understand how 2FA hooks into the authentication flow, then build the equivalent adapter for your chosen target. The output is a working open-source plugin plus a paper documenting the integration points.
2. Evaluate Data Leakage via Public Documents
Publicly accessible documents on corporate and government websites routinely leak metadata: author names, internal paths, software versions, and revision histories. IBEX 35 companies and DLP-sector leaders have been audited this way.
Choose a sector (banking, public sector, healthcare), collect a corpus of public PDFs and Office documents, and run automated metadata extraction. Quantify the leakage rate and classify risk by metadata type. The result is a replicable audit methodology and a sector-level risk report.
3. Build a WiFi-Based Occupancy Detector
WiFi signals pass through walls and reflect off moving bodies. Research has shown this effect is sensitive enough to detect breathing rate and heartbeat. An occupancy detection system built on passive WiFi scanning has practical applications in home security, energy management, and accessibility.
The project involves training a classifier on signal-variation patterns that distinguish an occupied room from an empty one. Deliverables are the detection algorithm, a hardware-software prototype, and a false-positive rate analysis.
4. Configure WiFi Networks via Magnetometer Pulses
Mobile devices carry a magnetometer. Low-frequency magnetic pulses can encode data. The question is whether an Android app could read a pulse sequence from a magnetometer and use it to configure a WiFi network automatically, replacing QR-code provisioning.
Build a transmitter (hardware side) and a receiver app (Android side). Document the encoding scheme, the reliable transmission range, and the error rate compared with NFC and QR alternatives.
5. Dynamic Firewall Port Control with Latch
Latch's authorization model extends beyond login: it can gate any discrete action. Apply it to firewall management. Build a daemon that polls a Latch status endpoint every 5 minutes and updates iptables rules to open or close specified ports based on the current authorization state.
The user controls which ports are active from the Latch mobile app. The dissertation covers the daemon design, the security model (what an attacker who steals the Latch token can and cannot do), and a comparison with VPN-based alternatives.
6. Automate Backup Discovery via Apache mod_negotiation
Apache's mod_negotiation module returns files with different extensions when a requested filename lacks one. This behavior can expose backup files: request config and the server returns config.bak. FOCA already catalogs files found on a target web server.
Build a plugin for FOCA, or a standalone tool, that: detects whether a target Apache server has mod_negotiation active, enumerates all files on the server, then probes each filename without its extension to surface backup copies. Report false-positive rate and coverage against a controlled test environment.
7. Lock and Key Recognition for Lock-Picking Assistance
Physical security assessments require identifying lock models to select the correct picking technique. A mobile computer vision app that recognizes a key or lock from a photo and returns the make, model, and known picking approach would assist penetration testers doing physical security audits.
Train a classifier on images of common padlocks, deadbolts, and key profiles. Deliverables: the model, a mobile app interface, and an accuracy report by lock category. The paper should address legal and ethical constraints on publishing the tool.
8. Latch-Gated Laptop Docking Station
Laptop docking stations are often left connected and unattended in offices. Integrating Latch authorization into the docking station's power circuit means a device physically in the dock cannot be used unless the authorized user approves it from their phone.
The project covers the hardware integration (relay-based circuit or USB power control), the Latch daemon that polls authorization state, and a threat model comparing this approach with full-disk encryption and cable locks.
9. Webcam Usage History App
Every webcam activation is logged by the operating system. That log is not easily visible to ordinary users. An app that reads webcam activation records and displays a timeline, including start time, stop time, and the process that triggered the session, gives users a practical audit trail.
Build the app to run on Windows, Linux, and macOS. The cross-platform implementation requires reading OS-level logs on each platform (/var/log/ on Linux, the Windows Event Log, and the UVCAssistant logs on macOS). The paper covers privacy implications and a comparison with existing parental-control tools.
10. Man-in-the-Middle Attack Against Time-Limited 2FA Codes
Google Authenticator generates time-based one-time passwords (TOTP) that expire after 30 seconds. If an attacker performs an HTTP-to-HTTPS bridge (for example, downgrading an IPv6 HTTP request to IPv4 HTTPS) and captures both the password and the TOTP in the same window, they may authenticate two parallel sessions with one code before it expires.
This is a research and proof-of-concept project. Build a controlled lab environment: attacker-controlled proxy, two victim browser sessions, a TOTP-protected test server. Measure how often both sessions authenticate successfully within the code's validity window. Document mitigations (token binding, session anomaly detection, step-up authentication) and evaluate which ones close the attack.
Choose One, Scope It Tightly
Each of these ideas spans a semester of honest work. The mistake most students make is taking all ten as a feature list. Pick one, write a threat model first, and let the threat model determine your scope. A tight project with a working prototype and a clear evaluation methodology scores better than a broad survey with no implementation.
Need help with the implementation? GeeksProgramming developers work on security tooling, Android development, and systems programming. See Computer Science Homework Help for the full range of project assistance, or explore More Programming Project Ideas and Best Practices for Software Development Projects for adjacent reading.
Related articles
- Featured
Best Code Editors for Programmers in 2026
From Vim and Emacs to VS Code and Sublime Text, this guide covers the editors that working programmers actually use and what each one is good for.
Nov 13, 2014
- Featured
Python Programming for Beginners
Python is an interpreted, dynamically typed language with a clean syntax that suits both beginner projects and production-grade systems. Here is how it works.
Nov 11, 2014
- Featured
Programming Project Ideas to Build and Earn
10 programming project ideas for students and developers: web apps, social networks, computer vision, robotics, and open source contribution.
Oct 15, 2014


