This website was created as a teaching tool for a series of presentations and workshops that educate other students at school about web application security concepts such as SQL injection, cross-site scripting, cross-site request forgery, and other topics that are important for creating secure applications.

A potential use is to utilize something along the lines of Docker to give each student their own instance of the website in a contained environment. A workshop would begin with a presentation, explanation, and demonstration of a particular vulnerability: how it works and what it can do. The students would then be given the opportunity to try it out for themselves on their instance. Next, a discussion would take place on how to deal with these vulnerabilities, and the students would work to patch their instance. Finally, students would connect to other students' websites and attempt to exploit vulnerabilities that may still exist.

These sorts of skills are not taught in any capacity significant enough to give a full appreciation of just how easy it is to introduce a severe vulnerability that could result in an event that affects the lives of potentially hundreds of millions of people. My goal with this is to increase the level of awareness amongst these future application developers.

This project is but a humble beginning.
