Webseclab Security Education Workbench

by Elie Bursztein, Baptiste Gourdin, Celine Fabry, Jason Bau, Gustav Rydstedt, Hristo Bojinov, Dan Boneh, John C. Mitchell
Cyber Security Experimentation and Test (CSET)
Washington, USA
Abstract: We have developed and tested a virtual-machine-based web-application security student laboratory, Webseclab, comprising a LAMP (Linux, Apache, MySQL, PHP) stack, a variety of development tools, and the three most popular browsers for the Linux platform. This environment, tested in weekly participatory labs and weekly homework, hosts a teaching framework, exercise sets and labs, and a sandboxed student development environment. Eighty incremental exercises based on recent security research, and challenge projects, including one based on real open-source applications, teach the major web application vulnerabilities and defenses, in an encapsulated environment that allows students to experiment freely without interfering with each other or with public networks. In contrast to problems experienced with hands-on projects used in previous years, student response to this platform and its contained exercises has been remarkably positive.

Downloads:
    paper: Webseclab-Security-Education-Workbench.pdf
    slides: webseclab-cset-2010.pdf