Instructions
This guide assumes you are setting up your environment with the most frictionless approach, namely the provided Docker Compose infrastructure. If you are using another approach, follow the guide and adapt the Docker-specific steps to your scenario.
Types of tasks
The tasks are marked as follows:
- ✅: Recommended;
- ❌: Can be skipped due to time constraints or lack of difficulty; and
- ✌️: Optional, but fun to do if you have some spare time!
Tasks
Step ID | Task | With an instructor (beginner) | With an instructor (advanced) | Without an instructor (beginner) | Without an instructor (advanced) |
---|---|---|---|---|---|
1 | Access the wiki and enable the mode specific to your experience. | ✅ | ✅ | ✅ | ✅ |
2 | Ensure you have the environment set up before starting the workshop. | ✅ | ✅ | ✅ | ✅ |
3 | Watch one of the available recordings of The Open Source Fortress. | ❌ | ❌ | ✅ | ❌ |
4 | Understand how software is built and what the security model looks like. | ❌ | ❌ | ✅ | ❌ |
5 | Understand what Sand Castle is and how it works. (You can skip the demos, as you'll directly interact with the software.) | ❌ | ❌ | ✅ | ✅ |
6 | Skim the vulnerability listing that you can find in Sand Castle. You'll come back to this page regularly to look for pointers. | ❌ | ❌ | ✅ | ❌ |
7 | You'll start with the first vulnerability discovery technique. | ✅ | ✅ | ✅ | ✅ |
8 | Watch the Basics page of the current vulnerability discovery technique. | ❌ | ❌ | ✅ | ✌️ |
9 | You'll start with the first open source tool. | ✅ | ✅ | ✅ | ✅ |
10 | Open the documentation of the software. | ✅ | ✅ | ✅ | ✅ |
11 | Enter the specified Docker container. | ✅ | ✅ | ✅ | ✅ |
12 | Solve each task specified on the page, checking the docs if needed. | ✅ | ✅ | ✅ | ✅ |
13 | If you are blocked, check the proposed solutions. | ✅ | ✅ | ✅ | ✅ |
14 | If you are blocked, ask for an instructor's help. | ✅ | ✅ | ❌ | ❌ |
15 | When you have solved all the tasks, visit the page of the next open source tool for the current vulnerability detection technique. Go to step 10. | ✅ | ✅ | ✅ | ✅ |
16 | When you have solved all the tasks from all the tools in the current vulnerability detection technique, you'll start the section of a new technique. Go to step 8. If you have finished all the techniques, continue to step 17. | ✅ | ✅ | ✅ | ✅ |
17 | Check what other analysis and automation tooling exists. | ✅ | ✅ | ✅ | ✅ |
18 | Bookmark the security checklist and cheatsheet for getting started. This is distilled knowledge, so it may be helpful for you in the future! | ✅ | ✅ | ✅ | ✅ |