
ADV-102 Capstone Specification

What you have to ship in Module 10 to earn the ADV-102 certificate. Read this in Week 1 so your Module-6 detector tool and Module-7 cross-language work line up with the capstone target.


Tier 1, working reproduction (pass)

CVE-2025-65106 reproduces cleanly on your pinned vulnerable LangChain install. A reproduction harness in your repo runs the chain; the SSTI fires; you can show the output. Deliverables: a five-minute recorded demo plus a one-to-two-page writeup of what the chain does and where the Jinja2 SSTI lands. Tier 1 ships the reproduction; Tier 2 adds the detector tool and the report the academy grades against.

Tier 2, detector tool plus report (certificate, B-minus minimum)

The Tier-1 reproduction plus a defensible detector tool plus a coordinated-disclosure-style report. The tool has to:

  • Scan a target Python environment (path-on-disk or pip-list output) and report whether the installed LangChain version is in the affected range.
  • Emit a structured detector report (JSON or YAML) that names the CVE, the installed version, the affected range, the patched version, and a one-line remediation pointer.
  • Skip patched installs without false-positive noise.
  • Document install, use, and the false-positive escape valve in a README a stranger can follow.
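The core of such a detector, as an added example written for this page rather than any student's or the academy's tool: version-range matching over either `pip list` text or a site-packages directory, a structured JSON finding, a silent skip on patched installs, and a verified-patched allowlist as the false-positive escape valve. The advisory record is hypothetical: the `introduced` and `fixed` versions are placeholders, not the real affected range of CVE-2025-65106, and the pip-list text and dist-info directory are constructed inline so the block runs offline.

```python
"""Added example of the Tier-2 detector's core logic (not the page's own code):
version-range matching, a structured report, and a verified-patched escape valve."""
import json
import re
import tempfile
from importlib import metadata
from pathlib import Path

# HYPOTHETICAL advisory record. The introduced/fixed versions are placeholders,
# not the real range for CVE-2025-65106; copy the real values from the advisory
# and the upstream patch commit cited in the report.
ADVISORY = {
    "cve": "CVE-2025-65106",
    "package": "langchain",
    "introduced": "0.1.0",  # placeholder
    "fixed": "0.1.5",       # placeholder: first release carrying the patch
    "remediation": "Upgrade langchain to the patched release named in the advisory.",
}


def parse_version(text):
    """Map '0.3.12' (or 'v0.3.12rc1', dropping the pre-release tag) to a tuple of
    release segments with trailing zeros stripped, so 0.3 == 0.3.0. A real tool
    should use packaging.version.Version for full PEP 440 handling."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def normalize_name(name):
    """PEP 503 style normalization: 'LangChain' and 'langchain_core' compare the way pip treats them."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_affected(version, advisory=ADVISORY):
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def build_report(installed_version, advisory=ADVISORY, verified_patched=()):
    """Structured finding for an affected install, or None for a patched one.
    verified_patched is the escape valve: versions a reviewer has confirmed carry
    a backported fix (document each entry in the README)."""
    if installed_version in verified_patched or not is_affected(installed_version, advisory):
        return None
    return {
        "cve": advisory["cve"],
        "package": advisory["package"],
        "installed_version": installed_version,
        "affected_range": f">={advisory['introduced']},<{advisory['fixed']}",
        "patched_version": advisory["fixed"],
        "remediation": advisory["remediation"],
    }


def versions_from_pip_list(text):
    """Parse `pip list` (tabular) or `pip list --format=freeze` output into
    {normalized_name: version}; header and separator lines are skipped."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("-") or line.lower().startswith("package "):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:==|\s+)(\S+)$", line)
        if m:
            found[normalize_name(m.group(1))] = m.group(2)
    return found


def versions_from_path(site_packages):
    """Enumerate *.dist-info / *.egg-info metadata under one directory without importing from it."""
    found = {}
    for dist in metadata.distributions(path=[str(site_packages)]):
        name = dist.metadata.get("Name")
        if name:
            found[normalize_name(name)] = dist.version
    return found


def scan(installed, advisory=ADVISORY, verified_patched=()):
    """Report on the advisory's package if installed, else None."""
    version = installed.get(normalize_name(advisory["package"]))
    return None if version is None else build_report(version, advisory, verified_patched)


# Constructed sample inputs, not captured from a real environment.
CONSTRUCTED_PIP_LIST = "Package    Version\n---------- -------\nlangchain  0.1.2\nrequests   2.31.0\n"
CONSTRUCTED_FREEZE = "langchain==0.1.7\nrequests==2.31.0\n"


def demo_path_scan():
    """Build a throwaway site-packages holding one constructed dist-info and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        info = Path(tmp) / "langchain-0.1.3.dist-info"
        info.mkdir()
        (info / "METADATA").write_text("Metadata-Version: 2.1\nName: langchain\nVersion: 0.1.3\n")
        return scan(versions_from_path(tmp))


if __name__ == "__main__":
    print(json.dumps(scan(versions_from_pip_list(CONSTRUCTED_PIP_LIST)), indent=2))
    print(scan(versions_from_pip_list(CONSTRUCTED_FREEZE)))  # None: patched install skipped
    print(json.dumps(demo_path_scan(), indent=2))
```

The path scan reads package metadata with `importlib.metadata` instead of importing the target environment, so the detector never executes code from the install it is judging. The `verified_patched` tuple is the documented escape valve the README asks for: it is the one place a human can suppress a finding, and every entry should carry a reason.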

The six-to-eight-page coordinated-disclosure-style report has to:

  • State the CVE identifier, CVSS score, affected versions, and patched version.
  • Walk the reproduction step by step with code blocks and observed output.
  • Map the CVE explicitly to OWASP LLM Top 10 items and OWASP ASI Top 10 items.
  • Cite the upstream patch by commit (no commit hash needed in the prose; the link in the bibliography suffices) and describe the missing input validation.
  • Include a cross-language pointer at CVE-2025-9556 (Gonja) and one paragraph on why the bug class generalises.
  • Walk a hypothetical disclosure timeline against a fictional vendor (the cohort archive includes the timeline template).
  • Reference at least one of the readings (Stuttard and Pinto, Seitz and Arnold, OWASP LLM Top 10, OWASP ASI Top 10).
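For the paragraph on why the bug class generalises, the point to make is structural: template injection happens whenever the template text, not just the data that fills it, is under attacker control, and every engine that lets a template traverse attributes or items turns that into a path through the host program. The following added example (written for this page; not the CVE's payload and not LangChain's or Gonja's code) shows the three shapes using Python's own `str.format` mini-language rather than Jinja2, so it runs with no third-party package: a fixed template with untrusted data in a slot, an untrusted template leaking a module-level value, and a `string.Formatter` subclass that refuses any field beyond an allowlist. `DB_PASSWORD`, `Config`, and the payload are constructed for the demo.

```python
"""Added example of the template-injection bug class in Python's str.format
mini-language, standing in for Jinja2 so it runs with no third-party package."""
import string

# Constructed module-level secret; a real app might hold a DB URL or API key here.
DB_PASSWORD = "constructed-demo-secret"


class Config:
    def __init__(self, app_name):
        self.app_name = app_name


def render_fixed_template(cfg):
    """Safe shape: the template is a developer constant; untrusted input only
    fills a slot and cannot change what the template does."""
    return "Welcome to {app}".format(app=cfg.app_name)


def render_user_template(template, cfg):
    """Vulnerable shape: the template string itself comes from the user. The
    format mini-language allows attribute and item traversal, so any object
    passed in becomes a path into interpreter state."""
    return template.format(cfg=cfg)


class StrictFormatter(string.Formatter):
    """Hardened shape: refuse any field that is not a bare, allowlisted name.
    get_field is the hook that would otherwise resolve 'cfg.__init__' or 'x[key]'."""

    def __init__(self, allowed):
        super().__init__()
        self.allowed = frozenset(allowed)

    def get_field(self, field_name, args, kwargs):
        if field_name not in self.allowed:
            raise ValueError(f"disallowed template field: {field_name!r}")
        return kwargs[field_name], field_name


def render_user_template_hardened(template, cfg):
    return StrictFormatter({"app"}).format(template, app=cfg.app_name)


# Constructed payload: walks from a bound method to its module's globals dict.
PAYLOAD = "{cfg.__init__.__globals__[DB_PASSWORD]}"


def demo():
    """Return what each shape does with the same attacker-controlled string."""
    cfg = Config("capstone")
    leaked = render_user_template(PAYLOAD, cfg)
    try:
        render_user_template_hardened(PAYLOAD, cfg)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "fixed": render_fixed_template(Config(PAYLOAD)),  # payload is inert as data
        "leaked": leaked,
        "blocked": blocked,
    }


if __name__ == "__main__":
    for shape, result in demo().items():
        print(f"{shape}: {result}")
```

The same three shapes map onto Jinja2 (template built from user input versus user input passed as a context variable, with a sandboxed environment as the hardening) and onto Gonja in Go; the report's generalisation paragraph should name which of the three shapes the LangChain chain fell into and which one the upstream patch moved it to.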

The five-minute recorded demo shows the reproduction running, the detector tool reporting, and the report's coordinated-disclosure section read aloud.

Tier 3, original CVE write-up (distinction)

The Tier-2 deliverables plus a write-up of an additional templating-engine CVE you discover independently in any of the OWASP-tracked agentic stacks. This is the rare bird; most students do Tier 2. If you go for Tier 3 the instructor will pair you with an academy reviewer who has CNA experience.

Rubric

Dimension | Weight | What earns it
Reproduction depth | 40% | The CVE-2025-65106 reproduction is complete and clean. You can describe each step. The cross-language Gonja reproduction is included.
Tool defensibility and documentation | 30% | The detector tool runs, scans, reports, and skips correctly. The README is clear. The structured output format is documented.
Report and demo quality against coordinated-disclosure practices | 30% | The six-to-eight-page report follows the coordinated-disclosure register. The OWASP mapping is precise. The demo runs the work and reads the report's disclosure section.

What graders are looking for

  • The reproduction actually works. We will rebuild your virtualenv from your requirements.txt and run your harness before grading.
  • The detector tool does not false-positive on patched installs. Submit at least one negative test case in your repo.
  • The report uses the coordinated-disclosure register precisely. The cohort archive has prior capstone reports as a calibration reference.
  • The OWASP mapping is specific. "LLM01 Prompt Injection" is too coarse; the report names the LLM01 sub-class and the ASI risk category that applies.
  • The cross-language pointer is real. Reproduce the Gonja CVE before claiming generalisation.

Submission format

Git repo URL plus a five-minute recorded demo (MP4 or WebM; the instructor will share the host URL). The repo has to include: the reproduction harness, the detector tool source, the requirements.txt pinning both the vulnerable LangChain and any tool dependencies, the README, the six-to-eight-page report (Markdown or PDF), and a Toolchain Diary covering every tool you touched.