Cyber Security Awareness Free

This is our main man Thomas. He's just made his first ever website!

Thomas has basic coding skills, and using simple PHP language, he's written out a simple form attached to a database for people to contact him.

This is Emily. She's very knowledgeable when it comes to security, and sometimes uses her power for mischief. Emily stumbles across Thomas' web page, and realises that he hasn't protected himself from SQL injection attacks...

Emily types a simple command into the form - and voilà!, she's able to see all of Thomas' messages!

Since we last spoke to Thomas, he's found his niche, and his website has become very popular! Thomas has started to make money from online ads, and wants to keep this separate from his other income.

Thomas decides the best way to do this is sign up for a new bank account online.

The day after he sets it up, he can't get back into it! What's happened to Thomas' money?!

Predictable Passwords This is one of the most common ways to get caught out online. Websites should not allow you to use passwords like "12345" or "password", and sites that do open themselves up to vulnerabilities.

Eavesdropping On unencrypted connections, bad actors can use readily available software to see the passwords, usernames and Session IDs transmitted from users to the website.

Impersonation By using a Session ID that is not invalidated at the end of each session, bad actors can impersonate users and gain full access to their accounts.

Emily's a very knowledgeable internet user, and today, she's decided to look for some vulnerabilities in everyday websites.

Emily has her eyes set on this social media website - how can she cause some mischief?

Using the HTML

It's been a while now, and Thomas is quite happy with his site as it is. He's got multiple features and plugins installed.

To administer all of these new features, he's created the ability to log in with a browser, and change settings from where ever he is.

Unfortunately, he hasn't set up and tested his access control correctly - leading his site to become vulnerable to attacks.

Our successful friend Thomas has decided to start selling his products online. He decided to accept Credit Cards on his website.

His site stores credit card information in plain text, but the text is destroyed after each order is completed.

After a few weeks, one of Thomas' customers contacts him, and angrily tells Thomas that his Credit Card details had been stolen!

Emily is taking a day off hacking, and is paying her friend for a concert ticket.

She submits a transfer form on her bank's website - but she notices something while poking around. The website doesn't authenticate its requests properly.

Emily sees a way that she can exploit this, so everybody who posts a comment to her website also sends her $100 - as long as they're also logged into her bank's website.

Thomas' website has expanded! He's got heaps of features - some of which he didn't code himself.

Some features, like his online shop, are additional plugins that he has installed.

One day, one of Thomas' plugins stops working, and gives him some strange error messages when he tries to fix it.

Thomas is working on his site, which by now, has plenty of plugins.

However, Emily knows some vulnerabilities in Thomas' plugin APIs, and uses her knowledge to cause havoc!