sectrain

sectrain

Joe McManus (joemcmanus)

Install latest/stable of sectrain

Make sure snap support is enabled in your Desktop store.


Install using the command line

Don't have snapd? Get set up for snaps.

Channel Version Published

A training tool displaying some techniques for secure web app development

Overview sectrain is a program to illustrate some of the security issues common in applications such as XSS and buffer overflows along with how to stop them. Currently this shows example in PHP and Python.

Still to be done is include javascript, SQLi and C++ buffer overflows, should be done shortly.

Installation

The simplest way to install sectrain is to use the snap

 sudo snap install sectrain

Web Starting

 sectrain startweb 

Web Stopping

 sectrain stopweb 

Web Usage

Open your browser to your host on port 1984, then browse choose the secure or insecure links. Try an exploit such as :

 "><script>alert('xss');</script>

You will see how sanitizing the input/output helps solve these issues.

Python Buffer Overflows

There are two examples to look at, pybuffgood and pybuffbad, sending in too long of a string breaks it. Simple, but still a good way to illustrate the point.

 sectrain pybuffbad  abcdefghijkl 
 sectrain pybuffgood abcdefghijkl

Clearly more can be done, but this is just to aid in getting people interested in fixing their code.

Details for sectrain

License
GPL-3.0+
Last updated
13 December 2019

Share this snap

Generate an embeddable card to be shared on external websites.


Related blog posts


Where people are using sectrain

Users by distribution (log)

Ubuntu 18.04
Ubuntu 19.10
Ubuntu 20.04

Install sectrain on your Linux distribution

Choose your Linux distribution to get detailed installation instructions. If yours is not shown, get more details on the installing snapd documentation.


Is there a problem with sectrain? Report this app