task: Add first session information

Add first session information

Signed-off-by: Gabriel Mocanu <[email protected]>

chapters/web-application-security/overview/README.md

@@ -0,0 +1 @@
+# Web Application Security

chapters/web-application-security/web-basics/slides/Makefile

@@ -0,0 +1 @@
+include ../../../../common/makefile/slides.mk

chapters/web-application-security/web-basics/slides/slides.mdpp

@@ -0,0 +1,10 @@
+---
+title: "Web Basics"
+revealOptions:
+  background-color: 'aquamarine'
+  transition: 'none'
+  slideNumber: true
+  autoAnimateDuration: 0.0
+---
+
+!INCLUDE "web-basics.md"

chapters/web-application-security/web-basics/slides/web-basics.md

@@ -0,0 +1,131 @@
+# Web Basics
+
+Security Summer School
+
+---
+
+## Motivation
+
+- Wide variety of Web applications
+- Complexity of the Web applications
+- Ubiquitous
+
+---
+
+## Web
+
+- Web vs Internet
+- Popularity
+- Attack surface
+
+---
+
+## Stateless
+
+HTTP
+
+Simple
+
+Without session
+
+---
+
+## Stateful
+
+FTP
+
+Session
+
+---
+
+## Security against Whom ?
+
+- Neighbors that sniff your Wi-Fi
+- Script kiddies that try to bruteforce your website login
+- Nation state actors that have exploits to undisclosed vulnerabilities in software you use
+
+---
+
+## Why ?
+
+- Financial gain
+- Internet crime
+- Cyber warfare
+- Data breaches
+
+---
+
+## Status of Web Application Security
+
+- Web application security is not mature field
+- The entry level to web development is low
+- New exploits and exploitation methods are frequently published
+- Security does not directly add revenue. In many cases, it is viewed as an extra cost
+- Complexity, various sources, public APIs
+
+---
+
+## Good to know
+
+- CVE
+- 0-day Vulnerability
+- CWE
+
+---
+
+## Static Web Sites
+
+fast
+
+simple
+
+---
+
+## Dynamic Web Sites
+
+customizable
+
+complex
+
+---
+
+## Roots of Web Application insecurity
+
+- Non-validated user input
+- Programmers mistakes
+
+---
+
+## Web Application Framework
+
+- Collection of pieces of software
+- Ease of development
+- Common solutions for wide variety of tasks
+
+---
+
+## Links
+
+[OWASP Top 10](https://owasp.org/www-project-top-ten/)
+
+- Broken Access Control
+- Cryptographic Failures
+- Injection
+- Insecure Design
+- Security Misconfiguration
+
+---
+
+## Types of vulnerabilities on web
+
+- Browser vulnerabilities
+- Server vulnerabilities
+- Web application vulnerabilities
+
+---
+
+## Browser
+
+- Software that displays pages and files on the web
+- Interpret and display HTML Web pages, applications, JavaScript, CSS
+- Plugins which extend the capabilities

config.yaml

@@ -13,18 +13,18 @@ make_assets:
     command: make
     locations:
       - chapters/web-application-security/web-basics/slides
-      - chapters/web-application-security/cookies-and-session-management/slides
-      - chapters/web-application-security/sql-injection/slides
-      - chapters/web-application-security/cross-site-scripting/slides
-      - chapters/web-application-security/exotic-attacks/slides
-      - chapters/web-application-security/overview/slides
-      - chapters/system-and-data-security/framework-api-vulnerabilities/slides
-      - chapters/system-and-data-security/privilege-escalation/slides
-      - chapters/system-and-data-security/end-to-end-attack/slides
-      - chapters/system-and-data-security/overview/slides
-      - chapters/network-and-communication-security/enumeration-and-recon/slides
-      - chapters/network-and-communication-security/securring-cummunication/slides
-      - chapters/network-and-communication-security/overview/slides
+      # - chapters/web-application-security/cookies-and-session-management/slides
+      # - chapters/web-application-security/sql-injection/slides
+      # - chapters/web-application-security/cross-site-scripting/slides
+      # - chapters/web-application-security/exotic-attacks/slides
+      # - chapters/web-application-security/overview/slides
+      # - chapters/system-and-data-security/framework-api-vulnerabilities/slides
+      # - chapters/system-and-data-security/privilege-escalation/slides
+      # - chapters/system-and-data-security/end-to-end-attack/slides
+      # - chapters/system-and-data-security/overview/slides
+      # - chapters/network-and-communication-security/enumeration-and-recon/slides
+      # - chapters/network-and-communication-security/securring-cummunication/slides
+      # - chapters/network-and-communication-security/overview/slides
     args:
       - all
 
@@ -35,16 +35,16 @@ embed_reveal:
     extension: mdx
     build:
       web-basics: web-basics
-      cookies-and-session-management: cookies-and-session-management
-      securring-communication: securring-communication
-      sql-injection: sql-injection
-      cross-site-scripting: cross-site-scripting
-      enumeration-and-recon: enumeration-and-recon
-      framework-api-vulnerabilities: framework-api-vulnerabilities
-      exotic-attacks: exotic-attacks
-      privilege-escalation: privilege-escalation
-      end-to-end-attack: end-to-end-attack
-
+      # cookies-and-session-management: cookies-and-session-management
+      # securring-communication: securring-communication
+      # sql-injection: sql-injection
+      # cross-site-scripting: cross-site-scripting
+      # enumeration-and-recon: enumeration-and-recon
+      # framework-api-vulnerabilities: framework-api-vulnerabilities
+      # exotic-attacks: exotic-attacks
+      # privilege-escalation: privilege-escalation
+      # end-to-end-attack: end-to-end-attack
+      #
 docusaurus:
   plugin: docusaurus
   options:
@@ -63,17 +63,17 @@ docusaurus:
 
     static_assets:
       - web-basics: /build/make_assets/chapters/web-application-security/web-basics/slides/_site
-      - cookies-and-session-management: /build/make_assets/chapters/web-application-security/cookies-and-session-management/slides/_site
-      - sql-injection: /build/make_assets/chapters/web-application-security/sql-injection/slides/_site
-      - cross-site-scripting: /build/make_assets/chapters/web-application-security/cross-site-scripting/slides/_site
-      - exotic-attacks: /build/make_assets/chapters/web-application-security/exotic-attacks/slides/_site
+      # - cookies-and-session-management: /build/make_assets/chapters/web-application-security/cookies-and-session-management/slides/_site
+      # - sql-injection: /build/make_assets/chapters/web-application-security/sql-injection/slides/_site
+      # - cross-site-scripting: /build/make_assets/chapters/web-application-security/cross-site-scripting/slides/_site
+      # - exotic-attacks: /build/make_assets/chapters/web-application-security/exotic-attacks/slides/_site
 
-      - framework-api-vulnerabilities: /build/make_assets/chapters/system-and-data-security/framework-api-vulnerabilities/slides/_site
-      - privilege-escalation: /build/make_assets/chapters/system-and-data-security/privilege-escalation/slides/_site
-      - end-to-end-attack: /build/make_assets/chapters/system-and-data-security/end-to-end-attack/slides/_site
+      # - framework-api-vulnerabilities: /build/make_assets/chapters/system-and-data-security/framework-api-vulnerabilities/slides/_site
+      # - privilege-escalation: /build/make_assets/chapters/system-and-data-security/privilege-escalation/slides/_site
+      # - end-to-end-attack: /build/make_assets/chapters/system-and-data-security/end-to-end-attack/slides/_site
 
-      - enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
-      - securring-cummunication: /build/make_assets/chapters/network-and-communication-security/securring-cummunication/slides/_site
+      # - enumeration-and-recon: /build/make_assets/chapters/network-and-communication-security/enumeration-and-recon/slides/_site
+      # - securring-cummunication: /build/make_assets/chapters/network-and-communication-security/securring-cummunication/slides/_site
     config_meta:
       title: Web Security
       url: http://localhost/