Sector: Cyber Security // Task: Hardening

Digital Shield Protocols

"Strengthening SolarMobil's Digital Security: A Proactive Hardening Initiative"

01. Introduction

At SolarMobil Manipal, engineering responsibility extends beyond the vehicle itself. Every system we build—whether it is the solar electric vehicle we race or the digital platforms that represent our work—reflects our values as engineers. Our website is often the first point of contact for sponsors, collaborators, and the wider engineering community, and it must be held to the same standards of reliability, trust, and thoughtful design as our physical systems. In a digital-first environment, this includes ensuring that our public-facing platforms are secure, resilient, and proactively hardened.

02. Rationale for Assessment

With this perspective, our team undertook a focused security assessment of the SolarMobil website. This effort was not driven by a breach or a reported vulnerability, but by a proactive approach to cybersecurity. As engineering students, we believe that strong systems are built by anticipating failure modes early and addressing them before they surface. While the website is implemented using a largely static architecture, modern web threats increasingly target browser behavior, client-side trust boundaries, and configuration-level weaknesses rather than traditional server-side exploits alone.

// ANALYSIS_SCOPE_04

The assessment was carried out on the live production deployment to understand real-world exposure. We examined how the website behaves in a user’s browser and how it enforces security policies through HTTP headers.

  • Vector A: Browser Behavior & Trust Boundaries

  • Vector B: Resource Injection Protections

03. Tooling & Core Module

To support this analysis, we used WebSecUltra, a web security analysis platform developed by SolarMobil team members Dilprit Singh and Anvesha Singh. WebSecUltra enabled automated inspection of security headers, analysis of client-side behavior, heuristic identification of potential risks, and comparison of security posture before and after remediation.

WebSecUltra Capabilities:

  • Automated Inspection of HTTP/S Security Headers

  • Heuristic identification of theoretical risks in static environments

  • Thoughtful distinction between confirmed issues and informational observations

04. Findings & Remediation Log

The assessment did not reveal any critical or high-severity vulnerabilities, nor any evidence of compromise or active exploitation. However, it did surface several preventive configuration gaps that were worth addressing early.

  • ADVISORY_01-A: Content Security Policy (CSP) Implementation [Resolved]

  • ADVISORY_01-B: UI-Redress & Iframe Embedding Protocols [Resolved]

  • ADVISORY_02: Server Metadata Sanitization [Hardened]

05. Engineering Validation

All changes were manually verified through browser inspection, CSP enforcement checks, iframe behavior testing, and cross-browser validation. This step was particularly important to us, as it ensured that improvements were technically effective rather than merely compliant with automated scanner outputs.

// SEC_AUDIT_LOG
> Content-Security-Policy: default-src 'self' ... [VERIFIED]
> X-Frame-Options: SAMEORIGIN ... [ENFORCED]
> Server-Header: Strip_Metadata ... [CLEAN]
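
The three checks in the log above can be re-run against any set of response headers. The following is an added example, not WebSecUltra's code or the team's configuration; the function names `parse_csp` and `audit_headers` and both sample header sets are constructed for illustration.

```python
import re

WEAK_SOURCES = ("*", "'unsafe-inline'", "'unsafe-eval'")

def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_headers(headers):
    """Return {check: (passed, detail)} for the three advisory areas."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    results = {}

    # ADVISORY_01-A: scripts must be governed by script-src or the
    # default-src fallback, without wildcard or unsafe-* sources.
    script_src = csp.get("script-src", csp.get("default-src"))
    weak = [s for s in (script_src or []) if s.lower() in WEAK_SOURCES]
    if script_src is None:
        results["csp"] = (False, "no default-src or script-src")
    else:
        results["csp"] = (not weak, "weak sources: " + " ".join(weak) if weak else "ok")

    # ADVISORY_01-B: framing is restricted by X-Frame-Options or by CSP
    # frame-ancestors (which does not fall back to default-src).
    xfo = h.get("x-frame-options", "").upper()
    ancestors = csp.get("frame-ancestors")
    framed_ok = xfo in ("DENY", "SAMEORIGIN") or (
        ancestors is not None and "*" not in ancestors)
    results["framing"] = (framed_ok, "restricted" if framed_ok else "embeddable by any origin")

    # ADVISORY_02: the Server header should not disclose a product version.
    server = h.get("server", "")
    leaks = bool(re.search(r"\d+\.\d+", server))
    results["server"] = (not leaks, server or "header absent")
    return results

# Constructed sample responses (not captured from the SolarMobil site).
BEFORE = {"Server": "nginx/1.18.0 (Ubuntu)", "Content-Type": "text/html"}
AFTER = {"content-security-policy": "default-src 'self'; img-src 'self' data:",
         "X-Frame-Options": "SAMEORIGIN", "Server": "nginx"}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        for check, (ok, detail) in audit_headers(hdrs).items():
            print(f"{label:6} {check:8} {'PASS' if ok else 'FAIL'}  {detail}")
```

Header names are matched case-insensitively, and a policy that lists `'unsafe-inline'` fails even though a CSP header is present, which is the difference between a header existing and a header being effective.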

Final Assessment Conclusion

This exercise reinforced an important lesson for our team: security is not a one-time task, nor is it limited to backend systems or complex infrastructure. Even static websites benefit significantly from thoughtful configuration, strong browser-enforced controls, and validation-driven improvement.

As we move forward, this mindset of proactive improvement—both on the road and online—will remain central to how we engineer every part of our journey.
