FileSync and EraLiteraria are two realistic open-source web sites created to train web security skills that are designed following a series of principles:
- Realism: design, implementation and UI follow current industry standards. Current practices to increase their realism, such as mail confirmation of newly created accounts, anti-CSRF tokens or support for merchant services simulation.
- Functionality: All their functionalities are fully implemented.
- Data volume and type: Both contain a substantial amount of realistic data.
- Frameworks: they use modern, well-known and widely used web development frameworks and supporting products.
- No shared technologies: both use different development technologies and frameworks, programming languages, hosting web servers and operating systems.
- Shared vulnerabilities: both websites share 21 of the most important web security vulnerabilities, as classified by OWASP
FileSync allows registered users to upload, download and share files with non-anonymous users.
Era Literaria is an online bookshop that implements the classical online shop concepts.
Both websites and associated manuals are in Spanish right now. We expect to translate both items in the future.
The goal of these websites is to be fully educational and, while realistic, are not created to be used to provide any real service. We do really hope they can help you in your training or training your students in the web security field!