I’m trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks.
The current idea I have is to build multiple vulnerabilities into the site – but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc.
Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge.
This will not be deployed on a public site – it’s simply a learning tool for developers at my company. I’m not looking for MVC-specific vulnerabilities – I’m simply using MVC because it allows me to work with the ‘raw’ HTML.
Any ideas on the different vulnerabilities I can use?
You might want to take some inspiration from something similar from Google. They go through a number of types of vulnerability, and for each type explain how to exploit and prevent that kind of problem.