Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry - - PowerPoint PPT Presentation

webseclab
SMART_READER_LITE
LIVE PREVIEW

Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry - - PowerPoint PPT Presentation

Feb 23, 2023 189 likes •330 views

Webseclab Elie Bursztein Baptiste Gourdin Celine Fabry Jason Bau Gustav Rydstedt Hristo Bojinov Dan Boneh John C. Mitchell Stanford University 1 Web vs System Evolution of the number of vulnerabilties by years 3000 2793

slide-1
SLIDE 1

Webseclab

Elie Bursztein Baptiste Gourdin Celine Fabry Jason Bau Gustav Rydstedt Hristo Bojinov Dan Boneh John C. Mitchell Stanford University

1

slide-2
SLIDE 2

Elie Bursztein et al Webseclab http://ly.tl/t15

Web vs System

1186 2793 1528 996 1275 1095 2000 1951 1531 1647 Number of vulnerabilities 1000 2000 3000 2005 2006 2007 2008 2009 Evolution of the number of vulnerabilties by years Web System

slide-3
SLIDE 3

Elie Bursztein et al Webseclab http://ly.tl/t15

Web vulnerabilities breakdown

Number of vulnerability 100 200 300 400 500 600 700 800 900 1000 2005 2006 2007 2008 2009 Evolution of the web vulnerabilities over the years by types XSS SQLi XCS Session CSRF SSL Infomation Leak

slide-4
SLIDE 4

Elie Bursztein et al Webseclab http://ly.tl/t15

BlackHat Training on Web security

1 2 3 4 5 6 7 8 9 10 2005 2006 2007 2008 2009 2010

slide-5
SLIDE 5

Elie Bursztein et al Webseclab http://ly.tl/t15

No bullet proof language

140 224 302 511 1170 1220 5070 pl do cfm jsp asp aspx php

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% PHP ASP ASPX JSP CFM DO PL

slide-6
SLIDE 6

Elie Bursztein et al Webseclab http://ly.tl/t15

Webseclab Goals

  • Blending edge exercises
  • Inclusive environment
  • No setup
  • Minimal learning curve
  • Easy class management
slide-7
SLIDE 7

Elie Bursztein et al Webseclab http://ly.tl/t15

Webseclab architecture

Cloud service VM1 VM2

User 1

VM1 VM2

User 2

slide-8
SLIDE 8

Elie Bursztein Slide deck 2010 http://ly.tl/t1

Key features

  • Exercises
  • Quizzes
  • Projects
  • Real case
  • Class management
  • Synchronization
  • Realtime goal
  • Quizzes push
  • Analytics

VM Cloud

slide-9
SLIDE 9

Elie Bursztein et al Webseclab http://ly.tl/t15

slide-10
SLIDE 10

Elie Bursztein et al Webseclab http://ly.tl/t15

slide-11
SLIDE 11

Elie Bursztein et al Webseclab http://ly.tl/t15

Webseclab VM architecture

Webseclab Webseclab

slide-12
SLIDE 12

Elie Bursztein et al Webseclab http://ly.tl/t15

Webseclab VM architecture

Virtual ¡Machine IDE Sandbox Firefox WebSecLab SQL ¡via ¡phpmyadmin Categories Exercise Objective Constraints Pitch Exercice ¡ rendered Exercice ¡ code Hints Sync Dashboard

Webseclab Webseclab

slide-13
SLIDE 13

Elie Bursztein et al Webseclab http://ly.tl/t15

Exercises repartition

5 10 15 20

6 1 4 5 12 6 17 7 8 7

Introduction Browser security Mixing content XSS CSRF Session Phishing Authentication Embedding SQL injections