Our motivation for creating this project is that we believe there is currently a lack of knowledge and awareness about cybersecurity vulnerabilities. This lack of knowledge can lead to applications and websites having easily preventable vulnerabilities present. Our project looks to address these issues by providing an environment for users to both learn about threats, and practice their skills both executing and fixing vulnerabilities.
There are 3 types of users that we are targeting for our project. First, students will be able to use our project to learn the basics of cybersecurity and get hands-on practice. Specifically, we are targeting cybersecurity and computer science students who we think would have the most to learn from this project. Second, we believe that this project will be able to serve as an effective teaching tool for teachers. They can use this project to show different types of vulnerabilities in a practical application. Finally, professional developers will be able to use this project to brush up their knowledge, or learn new skills.
Our informational website will host information pretaining to the vulnerabilities implemented on the hands-on webserver. This information will include what the vulnerabilities are, how to exploit them, and ways to mitigate or fix them. The for this site to be used as a learning tool for users to gain more knowledge about different types of attacks. Along with this we have a stretch goal to implement a backend server that connects to the hands-on server and will keep track of exploited vulnerabilities on a user's profiles.
The hands-on webserver will allow users to test out how different vulnerabilities work. This webserver will emulate a hospital's website, with a login page, doctor search page, and bill payment page. We are aiming for this webserver to be running on a cluster of docker containers that will allow us to dynamic configuration of the servers. This would allow for different vulnerabilities to be generated on the server based on which seed is used.