During my thesis work, I created a framework for building interactive, guided exercises that present security vulnerabilities affecting IT systems.
This paper explains the justification for the project, then presents the requirements the system should satisfy. Thereafter, the design and architecture of the framework are presented, exhibiting its three main components: the client, the server and the event handlers. Then, the implementation of the framework is detailed, including the tools and libraries used by the project, the architecture and implementation of messaging between components, the inner workings of the three components, and the preparations required to deploy the framework.
The text also presents a demo exercise, created to showcase the potential of the framework. This demo exercise demonstrates a SQL Injection vulnerability; the paper explains what this vulnerability means, then presents the steps taken to implement the exercise.