We provide pro bono digital security and safety consultations for the Stanford community. Hosted by Applied Cyber, the Clinic’s mission is to ensure:
- the sensitive data students trust your app with remains private and out of the hands of attackers,
- your app takes the necessary steps to prevent abuse, fraud, and other safety issues, and
- you’re set up for success as you grow.
The clinic is open through the remainder of fall quarter on Thursdays from 3pm to 5pm. To book a meeting, please email [email protected].
Cybersecurity services
Our cybersecurity services include:
- Data security model consult — We’ll meet with you to assess the potential attack surface, data model and means of data storage, and backend design of your app from a security perspective. We’ll then tell you what to focus on to ensure that sensitive data remains secure as you add features and grow your app.
- Live security testing — While meeting with you, we’ll attempt to find vulnerabilities in your app that might enable an attacker to access sensitive user data. If we find issues, we’ll recommend ways you can remediate the vulnerabilities and secure your systems.
The services we offer you will depend on availability and the development stage of your app. For example, we recommend the data security model consult for apps that have not launched yet and are in the development or testing stage, whereas apps that have publicly launched or are ready to launch should choose our live security testing option.
Note: A consult does not constitute an exhaustive security evaluation of your app. Rather, it represents a good starting point for the evolution of your service with the benefit of a security-informed perspective.
Digital safety services
We will work with you to craft a safety model for your product. First, we’ll explore the specific harms and abuse your product might face, such as spam, fraud, harassment, and stalking. Next, we’ll explore techniques to proactively mitigate these harms, ranging from automatic moderation systems to design changes. Finally, we’ll discuss how you can incorporate monitoring and observability into your stack to ensure that safety issues don’t catch you by surprise.
About Applied Cyber
Founded in 2015, Applied Cyber is Stanford’s premier cybersecurity student group focused on teaching students practical skills in analyzing, exploiting, and defending computer systems.
Applied Cyber has a strong track record of working with the Stanford entrepreneurial community to ensure that popular campus apps meet the data safety standards students trust them to uphold. In recent years, we have found and disclosed dozens of security vulnerabilities to student startups and social apps and worked with them on fixes that protect student data.
Since 2020, Applied Cyber has also conducted authorized penetration tests of critical services within the Stanford University infrastructure. Engagement targets have included instructional support systems, Windows Active Directory, custom web applications, industrial and environmental control systems, and a smart home and IoT (internet of things) lab.
Over the past nine years, Applied Cyber competition teams have participated in over 80 cyber competitions, achieving top placements in more than 20 of them. Notably, we secured three consecutive National Championships in the Collegiate Penetration Testing Competition (CPTC) between 2017 and 2019, and attained third place in the National Collegiate Cyber Defense Competition (CCDC) in 2020 and 2022 before taking the championship title in 2023.
About the team
The security side of the clinic is directed by Aditya Saligrama, who is the President of Applied Cyber and a senior studying computer science with a focus in systems and security. Aditya helped bring home the CCDC National Championship in 2023 as Linux & Cloud Lead and leads web penetration testing on the CPTC team. Aditya and Miles’s work on finding security vulnerabilities in Fizz was covered by the Stanford Daily in November 2022.
The digital safety side of the clinic is directed by Miles McCain. Miles is a senior studying Symbolic Systems and Computer Science. He has worked on election security at CISA/DHS, privacy engineering at Apple, trust and safety at the Stanford Internet Observatory, and AI safety policy in collaboration with OpenAI and the Cornell Tech Policy Institute. He is an alum of the Recurse Center, worked on cyber policy for a 2020 presidential campaign, and loves building products in the public interest.