Webseclab's platform consists of individual virtual-machine environments tied together by a cloud service

Webseclab combines: - a cloud service and - individual virtual-machine distributions to provide a web security learning platform that is comprehensive, covering all major security topics deemed important by the security community; contemporary, encompassing recent attacks-and-defenses from hacker conferences and academic research; and tested, used to teach academic courses at Stanford and CMU.

We undertook the development of Webseclab to address the challenge teaching web application security, which is no easy thing. Web application security is a complex and fast moving target. It covers multiple technologies, e..g. network protocols, cryptographic features, programmng languages, across multiple layers, from networks to client/server applications to custom Javascript applets, and it is constantly evolvoing, with a large-number of new vulnerabilities and attacks are uncovered each year. Webseclab, containing over 90 laboratory exercises and provisions for instructor-supplied quizzes and programming projects, represents our best-effort at creating a teaching platform of sufficient scale, that teaches students to appreciate the complexity of the problem yet equipping them with the appropriate solutions.

Each student VM environment contains a large number of focused exercises for learning individual topics, a provision for administering instructor-created quizzes, along with all the software required for completing longer-term security-focused programming projects. The VM offers an all-in-one tool for completing all the teaching material in a package with turn-key installation and an easy-to-use browser-based interface. It also isolates harmful traffic, e.g. those illustrating attacks, keeping them from harming any public or corporate networks. Finally, it is fully integrated and synchronized with the cloud service.

The cloud service features are mainly designed to support class administration, for both instructors and students. Some key features of the cloud include reporting analytics such as progress and grading metrics in both instructor and student views, data backup/migration for individual student VMs, and synchronized project/quiz administration for instructors, including the ability to push new assignments to student VMs.