IModules - Center for Cybersecurity and Cyber Operations
IModules
Labtainers exercises from other sources are available as IModules described below. As you create new lab exercises, please consider sharing them with the community by providing me (mfthomps at nps.edu) with the URL to your IModules as described in the Lab Designer Guide.
Liberty-labs
OWASP Web Security Labs from Liberty University
Contact: https://github.com/artsalmon/labtainer/issues
Access these labs by entering this at the labtainer-student prompt:
imodule: https://github.com/artsalmon/labtainer/releases/download/latest/imodule.tar
Lab | Description | difficulty |
web-brokenaccess | Explore broken access control, which happens when the application allows a user to perform unauthorized actions. | 3 |
web-brokenauth | This lab covers how to reset password using a GET request, how to bypass multifactor authentication, and how decode session tokens. | 3 |
web-inject |
Explore SQL/NoSQL injections along with Web based injections using PUT/POST/PATCH. |
3 |
web-insdes | Explore insecure deserialization, which happens when the developer doesn’t check serialized data that a user sends to the application. | 3 |
web-inslog | Use logging and monitoring to detect system infiltration by looking for traffic which usually doesn’t correspond to the normal traffic. | 3 |
web-sde | Explores the disclosure of data which is not meant to be publicly accessible, known as sensitive data exposure (SDE). | 3 |
web-secmis | Web server security misconfigurations which result in vulnerabilities. | 3 |
web-vulcom | Explore using components with known vulnerabilities. You might have totally secured your own code, but what about the dependencies you are using? | 3 |
web-xss | Cross-site scripting (XSS), which is a type of vulnerability commonly found in web applications. | 3 |
web-xxe | An XML External Entity attack is a type of attack against an application that parses XML input. | 3 |