Information (in)Security
a hands-on introduction to Information Security and Web testing

A fun and engaging method to introduce Information Security awareness to an audience of varied technical levels, from beginner to intermediate.

Updates

  • June 27, 2017 - Added OWASP Juice Shop, along with many updates!
  • April 3, 2017 - Updated VM with latest versions of web apps and tools

Details

This program is intended for audiences with an elementary technical background, though it can be adapted to an intermediate level. Its design is as follows:

  1. Present the basics of web security or security principles.
  2. Distribute the virtual machine to your audience.
  3. Use the VM to craft a hands-on session after the presentation. Using your copy of the VM, slowly guide your audience through the exercises. The VM has appropriate instructions and a list of suggested exercises sorted by difficulty.

Presentations

Suggestions

  1. The VM already comes with VirtualBox Guest Tools installed. This means you can distribute the VM along with VirtualBox installers so the only set-up needed is importing the appliance.
  2. If you think you won't lose the audience, you can show a live demo of Burp Suite capturing traffic during the presentation. Likewise, http://127.0.0.1/Exercises.html contains a sqlmap demo (scroll all the way down) that could be included for some shock-n-awe.
  3. If possible, recruit some extra tech-savvy people, go over the plan/exercises with them prior to the presentation, then ask them to walk around and help out the audience while you're driving the entire session.