Webseclab Security Education Workbench
نویسندگان
چکیده
We have developed and tested a virtual-machine-based web-application security student laboratory, Webseclab, comprising a LAMP (Linux, Apache, MySQL, PHP) stack, a variety of development tools, and the three most popular browsers for the Linux platform. This environment, tested in weekly participatory labs and weekly homework, hosts a teaching framework, exercise sets and labs, and a sandboxed student development environment. Eighty incremental exercises based on recent security research, and challenge projects, including one based on real open-source applications, teach the major web application vulnerabilities and defenses, in an encapsulated environment that allows students to experiment freely without interfering with each other or with public networks. In contrast to problems experienced with hands-on projects used in previous years, student response to this platform and its contained exercises has been remarkably positive.
منابع مشابه
WorSE: A Workbench for Model-based Security Engineering
IT systems with sophisticated security requirements increasingly apply problemspecific security policies for specifying, analyzing, and implementing security properties. Due to their key role for defining and enforcing strategic security concepts, security polices are extremely critical, and quality assets such as policy correctness or policy consistency are essential objectives in policy engin...
متن کاملAutomatic Compositional Verification of Some Security Properties
1 The Compositional Security Checker (CSC for short) is a semantic tool for the automatic veriication of some compositional information ow properties. The speciications given as inputs to CSC are terms of the Security Process Algebra, a language suited for the speciication of systems where actions belong to two diierent levels of conndentiality. The information ow security properties which can ...
متن کاملThe Molecular Workbench Software: An Innova- tive Dynamic Modeling Tool for Nanoscience Education
Nanoscience and nanotechnology are critically important in the 21 century (National Research Council, 2006; National Science and Technology Council, 2007). This is the field in which major sciences are joining, blending, and integrating (Battelle Memorial Institute & Foresight Nanotech Institute, 2007; Goodsell, 2004). The prospect of nanoscience and nanotechnology in tomorrow’s science and tec...
متن کاملXRound: A reversible template language and its application in model-based security analysis
Successful analysis of the models used in ModelDriven Development requires the ability to synthesise the results of analysis and automatically integrate these results with the models themselves. This paper presents a reversible template language called XRound which supports round-trip transformations between models and the logic used to encode system properties. A template processor that suppor...
متن کاملReservoirBench: An Interactive Educational Reservoir Engineering Workbench
ReservoirBench is an interactive workbench for educational geological science and engineering tasks. It is designed to facilitate education of novice audiences to teach them basic concepts of reservoir modeling and simulation workflow. Traditional training using lectures and software practice can lead to information overload, and retainability is questionable. As an alternative, we propose a ph...
متن کامل