BREW: A Breakable Web Application for IT-Security Classroom Use

Abstract

This paper presents BREW (Breakable Web Application), a tool for teaching IT Security. BREWs main teaching targets are identification and exploitation of vulnerabilities, using technologies and methodologies for software auditing and testing, and bug detection, fixation, and writing of secure code. Main advantages of BREW include that it is easy to apply in practice, it is a perfect tool to create and retain motivation, it corresponds to the demands of the psychology of learning, and it can be used for a heterogeneous group of students. BREW has been success- fully used for teaching IT Security in Germany as well as on an Erasmus Project with international student groups.