Abstract
Hands-on experience and training related to the latest cyberthreats and best practices, augmented with real-life examples and scenarios, is very important for aspiring cybersecurity specialists and IT professionals in general. However, this is not always possible because of time, financial or technological constraints. For cybersecurity exercises to be effective, they must be well prepared, the necessary equipment installed, and an appropriate level of isolation configured, preventing inter-user interference and protecting the integrity of the platform itself. In recent years, numerous cybersecurity training systems have been developed that aim to solve these problems. They can be used either as cloud or self-hosted applications. These solutions vary in their level of sophistication and ease of use, but they all share a single goal: to better educate the cyber community about the most common vulnerabilities and how to overcome them. The aim of this paper is to survey and analyze popular cybersecurity training systems currently available, and to offer a taxonomy which would aid in their classification and help crystallize their possibilities and limitations, thus supporting the decision-making process.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kjorveziroski, V., Mishev, A., Filiposka, S. (2020). Cybersecurity Training Platforms Assessment. In: Dimitrova, V., Dimitrovski, I. (eds) ICT Innovations 2020. Machine Learning and Applications. ICT Innovations 2020. Communications in Computer and Information Science, vol 1316. Springer, Cham. https://doi.org/10.1007/978-3-030-62098-1_15
DOI: https://doi.org/10.1007/978-3-030-62098-1_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62097-4
Online ISBN: 978-3-030-62098-1
eBook Packages: Computer Science (R0)