Designing a scalable exercise creation framework for IT security learning

OData support
Dr. Félegyházi Márk
Department of Networked Systems and Services

During my Thesis work I had the opportunity to delve into the topic of IT security. I studied vulnerabilities in different areas that attackers could use to access sensitive information. I learned about the Avatao platform, which aims to deliver an easy to understand and easy to use environment for beginners and professionals alike, who would like to learn more about cyber security. The Avatao platform holds hands-on exercises. The goal of these exercises are to provide practical introduction to a field that is usually difficult to learn through theoretical means. For the platform, I learned about Docker which uses a container based virtualization technology. The platform uses Docker images to quickly create the environment for exercises without taking up a lot of resources. My selected area was web security, where I showed two classic vulnerabilities through multiple exercises. My goal was to create exercises that are easy to understand for beginners, and that are slowly increasing in difficulty to show new ways of bypassing defenses.

I used what I learned during exercise creation to look at ways of automatically generating similar exercises. I designed a system in Python that used templates to generate exercises. The environment was developed in a way to allow for modularity. This way it would later be expandable with new modules.


Please sign in to download the files of this thesis.