FileSync and era literaria: Realistic open source webs to develop web security skills

Abstract

A great variety of services and applications are currently offered using web sites. Unfortunately, this also caused the proliferation of attacks targeting their potential vulnerabilities. Therefore, the demand for security-trained professionals that identify, prevent and find solutions to security vulnerabilities is greatly increasing. This also increased the need for adequate training tools that show how real attacks are performed and prevented. In this paper we describe the design, implementation and usage examples of two websites designed to facilitate web security training. These websites have a realistic set of features and have been developed using different popular technologies. They deliberately incorporate examples of a large subset of common security vulnerabilities, complemented with learning and training materials. They are also open source to allow the development of customizations and adaptations to different scenarios and facilitate learning secure code development techniques.