A training tool displaying some techniques for secure web app development
sectrain is a program to illustrate some of the security issues common in applications such as XSS and buffer overflows along with how to stop them. Currently this shows example in PHP and
The simplest way to install sectrain is to use the snap
sudo snap install sectrain
Open your browser to your host on port 1984, then browse choose the secure or insecure links. Try an exploit such as :
You will see how sanitizing the input/output helps solve these issues.
Python Buffer Overflows
There are two examples to look at, pybuffgood and pybuffbad, sending in too long of a string breaks it. Simple, but still a good way to illustrate the point.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap can be installed from the command line on openSUSE Leap 42.3, Leap 15 and Tumbleweed.
You need first add the snappy repository from the terminal. Leap 15 users, for example, can do this with the following command:
Swap out openSUSE_Leap_15.0 for either openSUSE_Leap_42.3 or openSUSE_Tumbleweed if you’re using a different version of openSUSE.
With the repository added, import its GPG key:
Finally, upgrade the package cache to include the new snappy repository:
Snap can now be installed with the following:
You then need to either reboot, logout/login or source /etc/profile to have /snap/bin added to PATH.
Additionally, enable and start both the snapd and the snapd.apparmor services with the following commands: