- Organization-level security risk management console showing employee risk distribution and department insights.
- Master admin console providing global insights across multiple organizations and security risk levels.
- User dashboard displaying overall Human Vulnerability Score calculated from real behavior-based security tests.
- Employee-wise vulnerability listing with clear risk levels based on individual Human Vulnerability Scores.
- User profile showing role, department, organization details, and latest security assessment summary.
- Secure login interface for HEVS with user authentication before starting vulnerability assessment.
Inspiration
Most cybersecurity tools focus on scanning systems, servers, and software.
However, studies show that a majority of cyber attacks succeed because of human mistakes such as clicking phishing links, reusing weak passwords, or falling for social engineering attacks.
We noticed that while machines are constantly audited, human behavior is rarely measured in a structured, technical way.
This gap inspired us to build the Human Error Vulnerability Scanner (HEVS) — a platform that treats humans as a measurable security surface.
What it does
HEVS is a human-centric cybersecurity assessment platform that evaluates how vulnerable a user is based on real actions, not assumptions.
The platform:
- Simulates phishing scenarios and tracks user behavior
- Analyzes password hygiene without storing plaintext passwords
- Tests social engineering awareness using realistic scenarios
- Calculates a Human Vulnerability Score (HVS) that represents overall human security risk
- Provides personalized security awareness recommendations based on weaknesses
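One way to analyze password hygiene without persisting the password, as an added example (not HEVS's own code). The field names, risk thresholds and the small common-password set are assumptions constructed for illustration.

```python
import json
import math
import string
from dataclasses import dataclass, asdict

# Constructed sample list; a real deployment would use a large breached-password corpus.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}

@dataclass(frozen=True)
class HygieneRecord:
    length: int
    char_classes: int     # how many of lower/upper/digit/symbol appear
    entropy_bits: float   # naive upper bound: length * log2(charset size)
    longest_run: int      # longest run of one repeated character
    is_common: bool
    risk: str             # low / medium / high (thresholds are assumptions)

def _longest_run(pw: str) -> int:
    best = run = 0
    prev = None
    for ch in pw:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best

def assess_password(pw: str) -> HygieneRecord:
    """Derive hygiene features in memory; the plaintext is never part of the result."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32)]
    used = [size for chars, size in pools if any(c in chars for c in pw)]
    entropy = round(len(pw) * math.log2(sum(used) or 1), 1)
    common = pw.lower() in COMMON
    run = _longest_run(pw)
    if common or len(pw) < 8 or entropy < 40:
        risk = "high"
    elif entropy < 60 or run >= 4 or len(used) < 3:
        risk = "medium"
    else:
        risk = "low"
    return HygieneRecord(len(pw), len(used), entropy, run, common, risk)

def to_stored_row(user_id: str, pw: str) -> str:
    """Serialize only the derived record, as it would be written to the database."""
    return json.dumps({"user_id": user_id, **asdict(assess_password(pw))})
```

Only the output of `to_stored_row` would be logged, so the scoring pipeline and dashboards never need access to the password itself.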
How we built it
We designed HEVS as a real application, not a demo or mock system.
- A secure authentication flow with OTP verification confirms that users are real
- All user actions are logged and stored in a structured database
- Risk scores are calculated using transparent, behavior-based formulas
- The frontend presents results clearly with progress indicators and dashboards
- The backend enforces ethical consent and data integrity throughout the assessment
The system architecture was kept modular so it can scale from individual users to organizational security assessments.
Challenges we ran into
One of the biggest challenges was ensuring the platform did not feel like a “demo” with fake scores.
We focused on removing shortcuts, demo modes, and random data to ensure every score was derived from actual user behavior.
Another challenge was balancing ethical testing with realistic simulations, which required clear consent handling and careful data design.
What we learned
Through this project, we learned that cybersecurity is as much about human psychology as it is about technology.
Designing systems that observe behavior responsibly, securely, and transparently is critical for building trustworthy security tools.
What's next for HEVS
In the future, HEVS can be extended with:
- Organization-wide risk heatmaps
- Department-level vulnerability analytics
- Adaptive training modules
- Enterprise integrations for security awareness programs
Our goal is to help organizations reduce cyber risk by strengthening the human layer of security.