diff --git a/bibliography.bib b/bibliography.bib new file mode 100644 index 0000000..6590bc7 --- /dev/null +++ b/bibliography.bib @@ -0,0 +1,16 @@ +@phdthesis{balint_bokros_informatikai_2017, + title={Informatikai oktató rendszer funkcionalitásának bővítése azonos témakört bemutató feladatok hatékony prezentálásához}, + language={hungarian}, + author={Bálint Bokros}, + month=dec, + year={2017} +} + +@misc{AkosFacebook, + title={The three fatal bugs behind the Facebook breach}, + howpublished="\url{https://blog.avatao.com//The-three-fatal-bugs-behind-the-Facebook-breach/}", + author={Ákos Hajba}, + language={english}, + month=oct, + year={2018} +} diff --git a/content/abstract.tex b/content/abstract.tex index dfa1d83..f0120d0 100644 --- a/content/abstract.tex +++ b/content/abstract.tex @@ -1,4 +1,15 @@ \section*{Abstract} \addcontentsline{toc}{section}{Abstract} -During my thesis work I became a caffeine addict. +This paper discusses the design and development of a framework which can be used to create +interactive tutorials running inside Docker containers, semi-automatically showcasing various +IT topics in real time. The user is guided through exercises using real environments with +real software, all with the possibility of interaction at any time. +This technology can supplement/improve the way e-learning is usually done today +-- which is mostly articles and learning videos -- and help users get hands-on experience +on their way of acquiring knowledge. + +Currently more than 60 learning exercises based on this framework are available on +the e-learning platform called Avatao, with more being released every week. +This text is going to justify the need for such technology, explain the ideas leading +to it, discuss architecture, use-cases and more. diff --git a/content/introduction.tex b/content/introduction.tex index 2c6dde6..65e12a0 100644 --- a/content/introduction.tex +++ b/content/introduction.tex 
@@ -1,4 +1,71 @@ -\section*{Introduction} -\addcontentsline{toc}{section}{Introduction} +\section{Introduction} -I really seem to like cats. +As the world is being completely engulfed by software, the need for accessible, but +high quality learning materials on software engineering and especially secure software +engineering is on the rise. +While we are enjoying the comfort that information technology provides us, we often forget +about the risks involved in relying so much on software in our everyday lives. +When taking a look on recent events, such as a cyber arms race taking place between leading +powers, 50 million Facebook accounts being breached +due to the incorrect handling of access tokens, or how China is building an Orwellian state +of total digital surveillance it becomes clear that security and privacy in the IT sector +is more important now than ever. + +With all of our data slowly crawling towards the cloud and an IoT revolution on our necks, +we as an industry must face the music and start actually doing something before we enter +a new age of digital wild west. +Unless we want to disconnect all our devices from all networks and ban USB sticks, the best +lines of defense are going to be people -- a new generation of \emph{security conscious} users and +developers. + +The goal of Avatao as a company is to help software developers in building a \emph{culture} of +security amongst themselves, with the vision that if the world is going to be taken over by +software no matter what, that software might as well be \emph{secure software}. +Unless we want to run around in vulnerable self driving cars while exposing all our sensitive +data through our ill-protected smart phones that is. 
+To achieve this goal we have been working on an online e-learning platform with hundreds\ +\footnote{654 exercises as of today, to be exact} +of hands-on learning exercises to help students and professionals +master IT security, collaborating with +universities around the world and providing a solution for companies in building +\emph{security consciousness} amongst their developer teams. + +Since starting out we have amassed some experience in building fun challenges and tutorials +that showcase the exploitation and fixing of relevant security vulnerabilites in code or +configuration. +Traditionally these exercises revolved around offensive and defensive tasks, with challenges +often being split into two or more parts. +For example users would have to hack a website by exploiting a buffer overflow vulnerability, +then in the second challenge they would fix the code they've just exploited in a web based +code editor. +These kind of exercises offer great flexibility to reflect real world security issues, as in +more complex challenges users might be required to exploit multiple vulnerabilites for success, +and understand the ways they augment each other. +We often recreate real world scenarios based on incident reports released by companies for +added authenticity and relevance \cite{AkosFacebook}. +Our challenges usually involve some sort of website acting as frontend for the vulnerable +application, or require the user to connect to a server using SSH. + +While working as a content creator I have stumbled into the idea of automating the completion +of challenges for QA\footnote{Quality assurrance} and demo purposes\ +\footnote{I used to record short videos or GIFs to showcase my content to management}. +In a certain scenario I was required to integrate a web based terminal emulator in a +frontend application to improve user experience by making it possible to use a terminal +right on the website rather than having to connect through SSH. 
+After I got this working I was looking into writing hacky bash scripts to automate the steps +required to complete the challenge in order to make it easier for me to record the solution, +as I have often found myself recording over and over for a demo without any mistakes. +During the time I was playing around with this idea, researching possible solutions I've found +a hidden gem of a project on GitHub called \emph{demo-magic}\ +\footnote{\href{https://github.com/paxtonhare/demo-magic}{https://github.com/paxtonhare/demo-magic}}, +which is esentially a bash script that simulates someone typing into a terminal and executing +commands. +I have created a fork of the project and integrated it into my challenge. +Soon after recording demo videos was not even necessary anymore, as I have started to distribute +the solution script with the challenge code itself, making it toggleable using build-time +variables. + +I was quite pleased with myself, no longer having to do the busywork of recording videos, +but what I did not know was that I have accidentally +did something far more than a hacky bash script solving my challenges, as this little script +was the basis of the idea for the project we call \emph{Tutorial Framework} or just \emph{TFW}. diff --git a/content/titlepage.tex b/content/titlepage.tex index 7295a9e..79f67ea 100644 --- a/content/titlepage.tex +++ b/content/titlepage.tex @@ -14,7 +14,7 @@ { \renewcommand{\arraystretch}{0.85} \begin{tabular}{ccc} - \makebox[5cm]{\emph{Author}} & \makebox[5cm]{\emph{Advisor}} & \makebox[5cm]{\emph{External Advisor}}\\ \noalign{\smallskip} + \makebox[5cm]{\emph{Author}} & \makebox[5cm]{\emph{Advisor}} & \makebox[5cm]{\emph{Company Advisor}}\\ \noalign{\smallskip} \makebox[5cm]{Kristóf Tóth} & \makebox[5cm]{Dr.~Levente Buttyán} & \makebox[5cm]{Dr.~Gábor Pék} \\ \end{tabular} } diff --git a/latexplate.sty b/latexplate.sty index 61797f2..4a08cfc 100644 --- a/latexplate.sty +++ b/latexplate.sty 
@@ -3,7 +3,6 @@ fontspec, fancyhdr, lmodern, - hyperref, graphicx, float, ragged2e, diff --git a/thesis.tex b/thesis.tex index edc04b1..d6d18e8 100644 --- a/thesis.tex +++ b/thesis.tex @@ -2,8 +2,11 @@ \usepackage{latexplate} \usepackage[top=25mm,bottom=25mm,left=15mm,right=15mm]{geometry} \usepackage[magyar,english]{babel} -\usepackage[defaultlines=5,all]{nowidow} +\usepackage[defaultlines=10,all]{nowidow} \usepackage{advdate} +\usepackage{cite} +\usepackage{url} +\usepackage{hyperref} \setmainfont{Constantia} @@ -31,4 +34,6 @@ \include{content/abstract} \include{content/introduction} +\bibliography{bibliography}{} +\bibliographystyle{unsrt} \end{document}
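Review bot: In bibliography.bib, the howpublished URL of the AkosFacebook entry has a doubled slash after the host ("blog.avatao.com//The-three-fatal-bugs-behind-the-Facebook-breach/"); drop one slash so the reference points at the canonical address. The @phdthesis entry balint_bokros_informatikai_2017 has no school field, which BibTeX requires for that entry type and will warn about. Nothing in the visible abstract.tex or introduction.tex hunks cites that entry, so with the unsrt style it will not appear in the reference list unless a \cite or \nocite is added.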
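Review bot: The new text in content/introduction.tex has spelling and grammar slips to fix before merge: "vulnerabilites" (twice), "assurrance" in the QA footnote, "esentially" in the demo-magic sentence, and "I have accidentally did" in the closing paragraph. The footnote "654 exercises as of today, to be exact" depends on an unstated date; state the date so the figure stays checkable. The Facebook breach is mentioned in the first paragraph, but \cite{AkosFacebook} only appears later, next to the sentence on incident reports; cite it at the first mention as well.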
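Review bot: In the preamble hunk of thesis.tex, \usepackage{cite} is added next to \usepackage{hyperref}, and the hyperref documentation lists cite among the packages it does not work with, so the numeric citations may not become links. Consider natbib with the numbers option, or drop cite if compressing and sorting citation numbers is not needed. \usepackage{url} is redundant, since hyperref already loads url. Moving hyperref out of latexplate.sty is fine for this document because the \href in the demo-magic footnote still resolves, but any other document that uses latexplate.sty and relied on it for hyperref now has to load it itself; say so in the commit message.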
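Review bot: In the last hunk of thesis.tex, \bibliography{bibliography}{} carries a stray empty group. \bibliography takes a single argument, so the trailing {} does nothing and should be removed. Placing \bibliographystyle{unsrt} before \bibliography{bibliography} is the usual order and reads more clearly, although BibTeX accepts either.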