CSY103 Week 12 - Prepare for the capstone by consolidating tool-building skills before moving to reading resources.

Opening Framing: From Learner to Builder

Over the past eleven weeks, you've learned the building blocks of security programming: variables, control flow, loops, functions, data structures, file operations, error handling, external data, regex, and security libraries.

Now it's time to combine everything into a tool that solves a real security problem. This capstone project demonstrates your ability to design, implement, and document a complete security automation solution—exactly what you'll do in a security role.

You'll choose from several project options (or propose your own), develop a working tool, and create documentation that another security professional could use to understand and run your tool.

Key insight: Building a complete tool requires integrating multiple concepts. The challenge isn't any single technique—it's combining them effectively to solve a real problem.

Project Requirements

Your capstone project must demonstrate proficiency across the course learning outcomes. Every project must include:

Core Requirements (all projects):

File I/O: Read input from files and/or write output to files
Data Structures: Use lists and dictionaries effectively
Functions: Organize code into reusable functions
Error Handling: Handle errors gracefully (try/except)
Command-Line Interface: Use argparse for user configuration
Documentation: Include docstrings and a README

Choose at least TWO additional features:

Regular expressions for pattern matching
External API integration (requests library)
Hashing or encoding (hashlib, base64)
JSON/CSV data processing
URL parsing and analysis
Timestamp parsing and time-based analysis

Deliverables:

Python source code (well-organized, commented)
README.md with usage instructions
Sample input files for testing
Example output demonstrating functionality
Brief write-up explaining design decisions (300-500 words)

Project Option 1: Log Analysis Framework

Build a flexible log analyzer that can process different log formats and generate security-focused reports.

Features:

Parse multiple log formats (Apache, auth.log, custom)
Extract IPs, usernames, timestamps, and events
Detect patterns: brute force attempts, unusual hours, top talkers
Generate summary statistics and alerts
Export results to JSON and/or CSV

Sample Usage:

python log_analyzer.py access.log --format apache --output report.json
python log_analyzer.py auth.log --format syslog --threshold 5 --alert

Suggested Structure:

log_analyzer/
├── log_analyzer.py      # Main script
├── parsers.py           # Log parsing functions
├── analyzers.py         # Analysis functions
├── reporters.py         # Output generation
├── README.md
└── samples/
    ├── sample_apache.log
    └── sample_auth.log

Project Option 2: IOC Management Tool

Build an Indicator of Compromise management system that can ingest, validate, deduplicate, and export IOCs.

Features:

Import IOCs from multiple sources (text, CSV, JSON)
Validate IOC formats (IP, hash, domain, URL, email)
Deduplicate and normalize entries
Tag and categorize IOCs
Search and filter by type, tag, or date
Export in multiple formats with defanging option

Sample Usage:

python ioc_manager.py import threat_feed.csv --source "ThreatIntel Feed"
python ioc_manager.py search --type ip --tag malware
python ioc_manager.py export --format stix --defang

Suggested Structure:

ioc_manager/
├── ioc_manager.py       # Main CLI
├── validators.py        # IOC validation
├── storage.py           # JSON-based storage
├── exporters.py         # Export formats
├── README.md
└── samples/
    ├── sample_iocs.txt
    └── sample_feed.csv

Project Option 3: Security Report Generator

Build a tool that automates security report generation from scan results, combining multiple data sources into formatted reports.

Features:

Parse vulnerability scan output (CSV or JSON)
Categorize findings by severity
Calculate risk scores and statistics
Generate executive summary and detailed findings
Output to Markdown and/or HTML
Include charts/tables for statistics

Sample Usage:

python report_generator.py scan_results.csv --template executive
python report_generator.py findings.json --format html --output report.html

Suggested Structure:

report_generator/
├── report_generator.py  # Main script
├── parsers.py           # Scan result parsing
├── analyzers.py         # Statistics and scoring
├── templates.py         # Report templates
├── README.md
└── samples/
    ├── sample_scan.csv
    └── sample_findings.json

Project Option 4: File Integrity Monitor

Build an enhanced file integrity monitoring system with alerting and reporting capabilities.

Features:

Create baseline hashes for directories
Detect modified, deleted, and new files
Support multiple hash algorithms
Filter by file extension or pattern
Generate detailed change reports
Track change history over time

Sample Usage:

python fim.py baseline /etc --extensions .conf,.cfg --output etc_baseline.json
python fim.py check /etc --baseline etc_baseline.json --alert
python fim.py history --show-changes

Suggested Structure:

file_integrity_monitor/
├── fim.py               # Main script
├── hasher.py            # File hashing
├── scanner.py           # Directory scanning
├── reporter.py          # Change reporting
├── README.md
└── samples/
    └── test_directory/

Project Option 5: Propose Your Own

Have a security automation idea? Propose your own project!

Proposal Requirements:

Clear problem statement: What security task does it automate?
Feature list: What will the tool do?
Technical approach: Which Python concepts will you use?
Scope: Achievable in one week of focused work

Example Ideas:

Password policy checker/auditor
Network connection monitor
Phishing URL analyzer
Security configuration auditor
Incident timeline builder
Threat intel feed aggregator

Submit your proposal for approval before starting.

Development Process

Follow this structured approach to build your capstone:

Day 1-2: Design

Choose your project
Define features and scope (don't over-scope!)
Sketch the file structure
List functions you'll need
Identify libraries to use

Day 3-4: Core Implementation

Build the core functionality first
Test each function as you write it
Handle the "happy path" before edge cases
Commit working code frequently

Day 5-6: Enhancement and Error Handling

Add error handling throughout
Implement additional features
Add command-line arguments
Test with various inputs

Day 7: Documentation and Polish

Write README with usage examples
Add docstrings to all functions
Create sample input files
Generate example output
Write design decisions document

README Template

Your README.md should follow this structure:

# Tool Name

Brief description of what the tool does and what problem it solves.

## Features

- Feature 1
- Feature 2
- Feature 3

## Requirements

- Python 3.8+
- Required libraries (if any)

## Installation
```bash
# Clone or download
# Install dependencies (if any)
pip install -r requirements.txt
```

## Usage

### Basic Usage
```bash
python tool.py input_file.txt
```

### Advanced Options
```bash
python tool.py input.txt --output report.json --verbose
```

## Examples

### Example 1: Basic Analysis
```bash
python tool.py samples/sample.log
```
Output:

## Author

Your Name - CSY103 Capstone Project

Evaluation Criteria

Your capstone will be evaluated on these criteria:

Criteria	Points
Functionality: Tool works as described	25
Code Quality: Clean, organized, well-commented	20
Error Handling: Graceful failure, helpful messages	15
Documentation: README, docstrings, examples	15
Security Relevance: Solves real security problem	15
Design Decisions: Thoughtful write-up	10

Total: 100 points. Projects scoring 80+ demonstrate professional-level work.

Real-World Context: Building Security Tools

The capstone simulates real security work:

SOC Automation: Security Operations Centers constantly build internal tools to automate repetitive tasks. A log analyzer that saves 30 minutes per investigation adds up to weeks of saved time annually.

Incident Response: IR teams build custom tools during investigations. The ability to quickly create a purpose-built parser or analyzer can be the difference between containing a breach in hours vs. days.

Open Source Contribution: Many security professionals share their tools on GitHub. Your capstone could be the foundation of an open-source project that helps the community.

Interview Demonstrations: When applying for security roles, showing a tool you built demonstrates practical skills better than any certification. Your capstone is portfolio material.

Key insight: Security professionals who can build tools are force multipliers. This capstone proves you have that capability.

Guided Example: Mini Log Analyzer

Here's a simplified example showing how to structure a capstone project:

#!/usr/bin/env python3
"""
Mini Log Analyzer - CSY103 Capstone Example
Demonstrates project structure and requirements
"""

import argparse
import json
import re
from collections import defaultdict
from datetime import datetime


def parse_log_line(line):
    """Parse a single log line into structured data."""
    pattern = r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\w+) (.+)"
    match = re.match(pattern, line.strip())
    
    if not match:
        return None
    
    return {
        "date": match.group(1),
        "time": match.group(2),
        "level": match.group(3),
        "message": match.group(4)
    }


def extract_ips(text):
    """Extract IP addresses from text."""
    pattern = r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
    return re.findall(pattern, text)


def analyze_logs(filepath):
    """Analyze log file and return statistics."""
    stats = {
        "total_lines": 0,
        "parsed_lines": 0,
        "by_level": defaultdict(int),
        "ip_counts": defaultdict(int),
        "errors": []
    }
    
    try:
        with open(filepath, "r") as f:
            for line_num, line in enumerate(f, 1):
                stats["total_lines"] += 1
                
                parsed = parse_log_line(line)
                if parsed:
                    stats["parsed_lines"] += 1
                    stats["by_level"][parsed["level"]] += 1
                    
                    for ip in extract_ips(parsed["message"]):
                        stats["ip_counts"][ip] += 1
    
    except FileNotFoundError:
        stats["errors"].append(f"File not found: {filepath}")
    except Exception as e:
        stats["errors"].append(f"Error: {e}")
    
    # Convert defaultdicts for JSON
    stats["by_level"] = dict(stats["by_level"])
    stats["ip_counts"] = dict(stats["ip_counts"])
    
    return stats


def generate_report(stats, output_format="text"):
    """Generate report from statistics."""
    if output_format == "json":
        return json.dumps(stats, indent=2)
    
    lines = [
        "=" * 50,
        "LOG ANALYSIS REPORT",
        "=" * 50,
        f"Total lines: {stats['total_lines']}",
        f"Parsed successfully: {stats['parsed_lines']}",
        "",
        "Events by Level:",
    ]
    
    for level, count in stats["by_level"].items():
        lines.append(f"  {level}: {count}")
    
    if stats["ip_counts"]:
        lines.append("")
        lines.append("Top IP Addresses:")
        sorted_ips = sorted(stats["ip_counts"].items(), 
                          key=lambda x: x[1], reverse=True)[:5]
        for ip, count in sorted_ips:
            lines.append(f"  {ip}: {count}")
    
    return "\n".join(lines)


def main():
    """Main entry point."""
    parser = argparse.ArgumentParser(
        description="Mini Log Analyzer - Analyze security logs"
    )
    parser.add_argument("logfile", help="Path to log file")
    parser.add_argument("-o", "--output", help="Output file path")
    parser.add_argument("-f", "--format", choices=["text", "json"],
                       default="text", help="Output format")
    
    args = parser.parse_args()
    
    print(f"Analyzing {args.logfile}...")
    stats = analyze_logs(args.logfile)
    report = generate_report(stats, args.format)
    
    if args.output:
        with open(args.output, "w") as f:
            f.write(report)
        print(f"Report saved to {args.output}")
    else:
        print(report)


if __name__ == "__main__":
    main()

This example shows: argparse, file I/O, regex, functions, error handling, data structures, and multiple output formats—all capstone requirements.

Week 12 Outcome Check

By the end of this week, you should have:

Designed a complete security tool
Implemented core functionality with proper structure
Added comprehensive error handling
Created a command-line interface
Written documentation and usage examples
Tested with realistic sample data

Congratulations! Completing this capstone demonstrates you can build practical security automation tools—a skill that will serve you throughout your cybersecurity career.

🎯 Hands-On Labs (Free & Essential)

Prepare for the capstone by consolidating tool-building skills before moving to reading resources.

🎮 TryHackMe: Python Basics (Capstone Review)

What you'll do: Review core Python concepts in one structured pass.
Why it matters: A smooth capstone depends on confidence with fundamentals.
Time estimate: 2-3 hours

Start TryHackMe Python Basics →

📝 Lab Exercise: Capstone Planning Sheet

Task: Draft a project plan with features, inputs, outputs, and test cases.
Deliverable: One-page plan plus a minimal task list.
Why it matters: Planning reduces scope creep and makes your tool shippable.
Time estimate: 45-60 minutes

🏁 PicoCTF Practice: General Skills (Tool Building)

What you'll do: Solve beginner challenges that simulate tool-building workflows.
Why it matters: CTF-style tasks reinforce rapid scripting and testing.
Time estimate: 1-2 hours

Start PicoCTF General Skills →

💡 Lab Tip: Keep scope tight: one clear input, one clear output, one clear goal.

🛡️ Secure Coding: Capstone Security Review

Before you submit, run a mini security review. Most capstone issues come from missing validation, unsafe defaults, or unhandled errors.

Capstone security checklist:
- Validate all inputs and handle edge cases
- Avoid hardcoded secrets or credentials
- Use least-privilege file and network access
- Log errors clearly without leaking sensitive data

📚 Building on CSY101 Week-14: Use standards-driven checks (CIS/ISO) as a final review.

Resources

Reference these resources as you build your capstone.

Python Standard Library Reference · Reference · 50 XP · Resource ID: csy103_w12_r1 (Required)
Real Python - Application Layouts · 30-45 min · 25 XP · Resource ID: csy103_w12_r2 (Optional)
Make a README · 15-20 min · 25 XP · Resource ID: csy103_w12_r3 (Optional)

Capstone Submission

Submit your complete capstone project including:

All Python source files
README.md with complete documentation
Sample input files
Example output files
Design decisions document (300-500 words)

Design Decisions Document should address:

Why did you choose this project?
What was your biggest technical challenge and how did you solve it?
What would you add with more time?
How does this tool demonstrate your learning from CSY103?
How might this tool be used in a real security role?

Submission Checklist:

☐ Code runs without errors on sample input
☐ argparse provides --help output
☐ Error handling prevents crashes on bad input
☐ README includes usage examples
☐ All functions have docstrings
☐ Sample files demonstrate functionality
☐ Design decisions document complete

Final Checkpoint Questions

What Python concepts did you use most in your capstone?
How did you approach breaking down the problem into functions?
What error conditions did you handle and why?
How would another security professional use your tool?
What did you learn about software design from this project?
How has your perception of security programming changed since Week 1?

Final Reflection

Reflection Prompt (400-500 words):

This capstone represents the culmination of your programming journey in CSY103. You've gone from "Hello, Security World!" to building a complete security automation tool.

Reflect on these questions:

Compare your skills now to Week 1. What can you do now that seemed impossible then?
Which concepts were most challenging? How did you overcome those challenges?
How do you see programming fitting into your security career?
What will you build next? What security problems do you want to automate?
What advice would you give to someone starting CSY103?

A strong final reflection will honestly assess your growth, acknowledge remaining areas for improvement, and articulate a vision for how you'll continue developing as a security programmer.

What's Next?

Completing CSY103 opens doors to advanced security programming:

CSY201 - Operating System Security: Apply Python to OS hardening and security automation
CSY202 - Applied Cryptography: Implement cryptographic protocols with Python
CSY203 - Web Application Security: Build security testing tools for web applications
CSY204 - Security Operations: Automate SOC workflows and incident response

Congratulations on completing CSY103! You now have the programming foundation that distinguishes capable security professionals. Keep building, keep automating, and keep learning. The security community needs tool builders like you.