I am in the process of organising a security-based event at a university. We aim to have teams of students build a secured web service (with email and some kind of front-end linked to a database) within a day, and then have security experts from industry attempt to hack the web service and steal fake sensitive data.
I would be really interested to know what kind of system architecture we could use to fulfill the following conditions:
- Easy enough to build a service within a day.
- Possible to successfully penetrate (i.e. not 100% secure out of the box).
- Able to have students patch most of the security holes if they know how.
I have some knowledge of popular frameworks such as Django/Flask/Node.js, but I understand that these frameworks are already so well secured that they would be impossible to break into, so students would not even have to secure them.
Can anyone suggest a good stack (e.g. PHP on Apache with SQLite DB) that would meet the requirements I specified above? Thanks!