This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP PHP Security Training Project

From OWASP
Revision as of 13:40, 16 March 2016 by Timo Pagel (talk | contribs) (Add setup and language info to FAQ)

Jump to: navigation, search
OWASP Project Header.jpg

OWASP PHP Security Training Project

OWASP PHP Security Training Project is...

Introduction

The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit is divided in an attack and a defense part.


Description

The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit shall be divided in an attack and a defense part. When working through the attack part, the developers will have to strike against a vulnerable application. Through this, they will learn to think like a hacker. Weaknesses to detect and exploit might be XSS, CSRF or SQL Injection, which are listed in the OWASP top 10. While viewing the defense part, the user shall be introduced to securing the vulnerable application, for example by safeguarding the code.


Licensing

OWASP PHP Security Training Project is free to use. It is licensed under the GNU GPL v3 License, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is PHP Security Training

OWASP PHP Security Training Project provides:

  • VirtualBox-Machine
  • Debian Package


Informations

Paper: http://files.timo-pagel.de/php-security-trainig-system/paper.pdf Poster: http://files.timo-pagel.de/php-security-trainig-system/poster2.pdf Presentation: http://files.timo-pagel.de/vortraege/security/phpug_php_security_training_system.pdf (German)

Project Leader

Timo Pagel


Related Projects

Ohloh

Quick Download

Source Code

Email List

Sign up

News and Events

  • [21 Jan 2015] Poster and Paper is available.

In Print

Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
How to install OWASP PSeTS?
wget http://files.timo-pagel.de/php-security-trainig-system/php-security-training-system-vagrant.tar
cd vagrant/
tar xfvz php-security-training-system-vagrant.tar
vagrant plugin install vagrant-hostsupdater
vagrant up
goto http://guidesystem.local/ in your browser
In which languages is OWASP PSeTS translated?
So far, it is only available in German.

Volunteers

XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx

Others

  • xxx
  • xxx

As of July, the priorities are:

  • Internationalization of existing units
  • UnitTests
  • Enhancement of existing units
  • Creation of more units
  • Java integration
  • Error message: Enhance details
  • Point system
  • Track clicks on the help button/solution to asses the quality of a unit
  • Possibility to reset single units


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP PHP Security Training Project (home page)
Purpose: The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit is divided in an attack and a defense part. The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit shall be divided in an attack and a defense part. When working through the attack part, the developers will have to strike against a vulnerable application. Through this, they will learn to

think like a hacker. Weaknesses to detect and exploit might be XSS, CSRF or SQL Injection, which are listed in the OWASP top 10. While viewing the defense part, the user shall be introduced to securing the vulnerable application, for example by safeguarding the code.

License: GNU GPL v3 License
who is working on this project?
Project Leader(s):
  • Timo Pagel @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Timo Pagel @ to contribute to this project
  • Contact Timo Pagel @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases