This repository contains a comprehensive Docker-based sandbox environment for teaching secure architecture concepts to high school students. The platform provides hands-on experience with security analysis, vulnerability detection, and remediation techniques using real applications in a safe, controlled environment.
The sandbox applies multi-layer isolation: a containerised architecture built on GitHub Codespaces and Docker that mirrors how security testing is separated from production systems in real-world practice.
GitHub Codespaces (Recommended):
- No need to fork: click "Code" → "Create codespace on main"
- Wait 3-4 minutes for setup completion (wait for Welcome page)
- See docs/upload-flask-app-setup-guide.md for uploading your own flask app to test.
Use @workspace in GitHub Copilot Chat for help:
- Students: "I'm stuck on the SAST exercise" or "How do I run a DAST scan?"
- Teachers: "Where's the answer key for network analysis?" or "What's the learning sequence?"
Copilot Chat has built-in knowledge of the NESA Software Engineering Syllabus, and the platform's safety features keep learning ethical and under instructor oversight.
These commands demonstrate systematic vulnerability assessment and security management strategies in containerised environments:
```bash
python src/analyser/analyse_cli.py <target> --tools all --educational --output detailed_sast_report.pdf --format pdf --verbose
```
Syllabus Connection: Input validation, sanitisation, and error handling detection

```bash
python src/analyser/dast_cli.py <url> --deep-scan --educational --output detailed_dast_report.pdf --format pdf --verbose
```
Syllabus Connection: Cross-site scripting (XSS), authentication, and session management testing

```bash
python src/analyser/network_cli.py --monitor-connections --educational --duration 300 --output detailed_network_report.pdf --format pdf --verbose
```
Syllabus Connection: Secure communication protocols and threat detection analysis

```bash
python src/analyser/penetration_analyser.py localhost:5000 --deep --exploit --output comprehensive_security_report.pdf
```
Syllabus Connection: Security testing and evaluation with incident response preparation
Recommended Learning Sequence:
- Manual Code Review - Security-focused code analysis fundamentals
- SAST (Static Analysis) - Automated vulnerability scanning in code
- DAST (Dynamic Analysis) - Runtime web application testing
- Network Traffic Analysis - Monitor communications and detect threats
- Sandbox Analysis - Safe execution of suspicious applications
- Penetration Testing - Comprehensive security assessment (Advanced)
All exercises include: Instructor guides, student worksheets, answer keys, and quick reference commands.
Exercise Locations: docs/exercises/ | Supporting Materials: docs/instructor-guides/, docs/student-worksheets/, docs/quick-reference-guides/
- Student Upload Area (uploads/) - Deploy your own Flask app for testing (Port 8000)
- Vulnerable Flask App - Python web app with SQL injection, XSS, weak auth (47 vulnerabilities)
- Unsecure PWA - Progressive web app with open redirects, misconfigurations (17 vulnerabilities)
See docs/upload-flask-app-setup-guide.md for deployment instructions.
Integrated Tools:
- SAST: Bandit, Semgrep, Safety (Python security analysis)
- DAST: Nikto, Gobuster (Web vulnerability scanning)
- Network: nmap, netstat (Traffic monitoring & service discovery)
- Penetration Testing: Automated vulnerability discovery with dictionary attacks
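The network tools above (nmap, netstat) produce raw socket listings; the skill the Network Traffic Analysis exercise builds is reading them. The following is an added example, not part of the sandbox's own analyser code, of the detection logic a student ends up applying by hand: parse `netstat -tan` output, flag services bound to every interface, and flag established connections to addresses outside the sandbox's private ranges. The netstat sample is constructed, and the "trusted" ranges are an assumption of the example (loopback plus RFC 1918 space, which covers Docker's default bridge network).

```python
"""Added example (not part of the sandbox's tooling): flag risky sockets in
`netstat -tan` output. The sample output below is constructed, not captured."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed netstat -tan output: two listeners on all interfaces (IPv4 and
# IPv6), one loopback-only listener, one in-sandbox connection, and one
# outbound connection to a public address on a port nothing should be using.
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN
tcp6       0      0 :::9000                 :::*                    LISTEN
tcp        0      0 172.17.0.2:5000         172.17.0.1:52310        ESTABLISHED
tcp        0      0 172.17.0.2:49152        203.0.113.9:4444        ESTABLISHED
"""

# Assumption for the example: loopback and RFC 1918 ranges count as "inside
# the sandbox". Docker's default bridge (172.17.0.0/16) falls in 172.16.0.0/12.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                     "192.168.0.0/16", "::1/128")]


@dataclass
class Finding:
    local: str
    remote: str
    state: str
    reason: str


def split_host_port(addr: str) -> tuple[str, str]:
    # netstat prints host:port; the port always follows the last colon,
    # which also handles IPv6 forms such as ":::9000" (host "::", port 9000).
    host, port = addr.rsplit(":", 1)
    return host, port


def is_trusted(host: str) -> bool:
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # anything we cannot parse is treated as untrusted
    return any(ip in net for net in TRUSTED_NETWORKS)


def analyse_netstat(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6"):
            continue  # banner, header, blank or non-TCP rows
        _proto, _recvq, _sendq, local, remote, state = parts[:6]
        lhost, _ = split_host_port(local)
        rhost, _ = split_host_port(remote)
        if state == "LISTEN" and lhost in ("0.0.0.0", "::"):
            findings.append(Finding(local, remote, state,
                                    "listening on all interfaces"))
        elif state == "ESTABLISHED" and not is_trusted(rhost):
            findings.append(Finding(local, remote, state,
                                    "established connection outside trusted ranges"))
    return findings


if __name__ == "__main__":
    for f in analyse_netstat(NETSTAT_SAMPLE):
        print(f"{f.state:<12} {f.local:<22} -> {f.remote:<22} {f.reason}")
```

Run against live output with `netstat -tan | python3 this_file.py` after swapping `NETSTAT_SAMPLE` for `sys.stdin.read()`; the loopback-only listener on 127.0.0.1:8000 and the bridge-network connection from 172.17.0.1 are deliberately left unflagged so students see that not every socket is a finding.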
Quick Commands:
```bash
# Static Analysis
python src/analyser/analyse_cli.py <path> --tools all --educational --output detailed_sast_unsecure_pwa.pdf --format pdf --verbose
# Dynamic Analysis
python src/analyser/dast_cli.py <host:port> --deep-scan --educational --output detailed_dast_unsecure_pwa.pdf --format pdf --verbose
# Network Analysis
python src/analyser/network_cli.py --monitor-connections --educational --duration 300 --output detailed_network_unsecure_pwa.pdf --format pdf --verbose
# Penetration Testing
python src/analyser/penetration_analyser.py <host:port> --deep --output detailed_pentest_unsecure_pwa.pdf
```
Educational Content: Student-friendly vulnerability explanations with real-world analogies, OWASP Top 10 mapping, and code examples.
Key Vulnerabilities Covered: SQL Injection, XSS, CSRF, Authentication flaws, Session management, Unvalidated redirects.
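Two of these classes, SQL injection (from the Vulnerable Flask App) and unvalidated redirects (from the Unsecure PWA), are the ones students most often need to see side by side with their fix. The block below is an added example written for this README, not code from the sample applications: each vulnerable pattern sits beside a fixed form, runs offline against an in-memory SQLite table, and the user row, function names and URLs are all constructed for illustration.

```python
"""Added example (not part of the sandbox's sample apps): SQL injection and
open redirect, each shown vulnerable beside fixed. All data is constructed."""
import sqlite3
from urllib.parse import urlparse


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for the sample app's user table. Passwords are kept
    # in plain text only so the injection comparison stays short; real code
    # stores a salted hash (plain-text storage is itself a weak-auth finding).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is spliced into the SQL text, so quotes in the input change
    # the statement: a password of  ' OR '1'='1  makes the WHERE clause true
    # for every row and the check passes without knowing any password.
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: values travel separately from the SQL text and can
    # never alter its structure, whatever characters they contain.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def redirect_target_vulnerable(next_url: str) -> str:
    # Open redirect: the browser is sent wherever ?next= says, which lets a
    # phishing link start on the trusted site and land on the attacker's.
    return next_url


def redirect_target_fixed(next_url: str, default: str = "/") -> str:
    # Accept only site-relative paths. Reject anything carrying a scheme or
    # host, protocol-relative "//host" forms, and backslashes, which browsers
    # normalise to forward slashes (so "/\\evil.example" becomes "//evil.example").
    parsed = urlparse(next_url)
    if (parsed.scheme or parsed.netloc or "\\" in next_url
            or not next_url.startswith("/") or next_url.startswith("//")):
        return default
    return next_url


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable login bypassed:", login_vulnerable(conn, "alice", payload))  # True
    print("fixed login bypassed:     ", login_fixed(conn, "alice", payload))       # False
    for target in ("/dashboard", "//evil.example/", "https://evil.example/"):
        print(f"{target:<24} vulnerable -> {redirect_target_vulnerable(target):<24} "
              f"fixed -> {redirect_target_fixed(target)}")
```

Bandit and Semgrep (the SAST tools listed above) flag the f-string query in `login_vulnerable` as string-built SQL; the redirect check is a good one to hand-review, because a naive "starts with /" test alone still passes the protocol-relative and backslash cases the fixed version rejects.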
├── docs/ # Educational materials (exercises, guides, worksheets)
├── src/analyser/ # Security analysis tools (SAST, DAST, Network, Penetration)
├── samples/ # Vulnerable applications for testing
├── uploads/ # Deploy your own Flask app
├── docker/ # Container configuration
└── reports/ # Generated security reports
Students will master:
- SAST/DAST: Automated vulnerability detection and remediation
- Network Analysis: Traffic monitoring and threat detection
- Penetration Testing: Professional security assessment methodology
- Ethical Security: Legal responsibilities and professional standards
- Report Writing: Professional security communication and risk assessment
- Verify Tools: python src/analyser/analyse_cli.py --help
- Read Quick References: docs/quick-reference-guides/
- Choose Learning Path:
- Foundation: SAST → DAST → Network → Sandbox → Penetration Testing
- Individual Focus: Pick specific exercises based on interest
- For Instructors: Review corresponding instructor guides and establish ethical guidelines
Codespaces (Recommended): GitHub account + web browser
Local: Docker, Python 3.8+, Node.js 14+
All security tools auto-install in the environment.
- Issues: Create repository issues
- Contributing: Raise a pull request or issue.
- Licence: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
Secure Architecture Testing Environment by Ben Jones is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
