Overview sectrain is a program to illustrate some of the security issues common in applications such as XSS and buffer overflows along with how to stop them. Currently this shows example in PHP and Python.
Still to be done is include javascript, SQLi and C++ buffer overflows, should be done shortly.
Installation
The simplest way to install sectrain is to use the snap
sudo snap install sectrain
Web Starting
sectrain startweb
Web Stopping
sectrain stopweb
Web Usage
Open your browser to your host on port 1984, then browse choose the secure or insecure links. Try an exploit such as :
"><script>alert('xss');</script>
You will see how sanitizing the input/output helps solve these issues.
Python Buffer Overflows
There are two examples to look at, pybuffgood and pybuffbad, sending in too long of a string breaks it. Simple, but still a good way to illustrate the point.
sectrain pybuffbad abcdefghijkl
sectrain pybuffgood abcdefghijkl
Clearly more can be done, but this is just to aid in getting people interested in fixing their code.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap is available for Red Hat Enterprise Linux (RHEL) 8 and RHEL 7, from the 7.6 release onward.
The packages for RHEL 7, RHEL 8, and RHEL 9 are in each distribution’s respective Extra Packages for Enterprise Linux (EPEL) repository. The instructions for adding this repository diverge slightly between RHEL 7, RHEL 8 and RHEL 9, which is why they’re listed separately below.
The EPEL repository can be added to RHEL 9 with the following command:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf upgrade
The EPEL repository can be added to RHEL 8 with the following command:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf upgrade
The EPEL repository can be added to RHEL 7 with the following command:
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Adding the optional and extras repositories is also recommended:
sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"
sudo yum update
Snap can now be installed as follows:
sudo yum install snapd
Once installed, the systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket
To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:
sudo ln -s /var/lib/snapd/snap /snap
Either log out and back in again or restart your system to ensure snap’s paths are updated correctly.
To install sectrain, simply use the following command:
sudo snap install sectrain
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.
