Chimera Educational Roadmap
This document outlines the strategic initiatives to transform Chimera from a vulnerable application sandbox into a guided learning platform for security engineering.
1. Interactive “Remediation Sandbox”
Goal: Enable users to fix vulnerabilities in real-time and verify the fix.
- Mechanism: The UI provides a code editor where users can apply a remediation. The API supports switching between “Vulnerable” and “Patched” logic for specific endpoints based on user session or global state.
- Value: Reinforces the “Build” side of security, not just the “Break” side.
2. The “Payload Journey” Visualizer
Goal: Visualize how malicious data transforms as it moves through the stack.
- Mechanism: Propagate a unique Request ID across the system and visualize the lifecycle: Browser -> WAF -> Controller -> Data Sanitizer -> SQL Query -> Database.
- Value: Demystifies the “magic” of security filters and sanitization.
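The following is an added example, not Chimera's code, showing the mechanism behind the visualizer: every tier emits a log entry tagged with the same Request ID, and the journey for one request is reconstructed by filtering the shared log on that ID. The page does not state the API's language, so Python with the standard library (sqlite3 in memory) is used; the stage names follow the lifecycle above, while the WAF rule, the quote-stripping sanitizer and the `users` table are constructed for the demo.

```python
import json
import sqlite3
import uuid

# Shared log sink standing in for the logs each tier would emit. Every entry
# carries the request ID, which is what lets one request be followed end to end
# even when many requests interleave.
LOG = []


def emit(request_id, stage, payload):
    LOG.append({"request_id": request_id, "stage": stage, "payload": payload})


def waf(request_id, payload):
    # Toy WAF rule (constructed for the demo): block SQL comment sequences.
    if "--" in payload or "/*" in payload:
        emit(request_id, "WAF", "BLOCKED")
        return None
    emit(request_id, "WAF", payload)
    return payload


def controller(request_id, payload):
    # The controller only routes here; it is recorded so the hop is visible.
    emit(request_id, "Controller", payload)
    return payload


def sanitizer(request_id, payload):
    # Naive quote stripping, so learners can see exactly what the filter changed.
    cleaned = payload.replace("'", "")
    emit(request_id, "Sanitizer", cleaned)
    return cleaned


def build_query(request_id, username):
    # Deliberately assembled by string formatting: this is the lesson target.
    query = f"SELECT id FROM users WHERE name = '{username}'"
    emit(request_id, "SQL", query)
    return query


def handle_login(conn, username, request_id=None):
    """Run one request through the stack; returns (request_id, rows)."""
    request_id = request_id or str(uuid.uuid4())
    emit(request_id, "Browser", username)
    payload = waf(request_id, username)
    if payload is None:
        return request_id, []
    payload = sanitizer(request_id, controller(request_id, payload))
    rows = conn.execute(build_query(request_id, payload)).fetchall()
    emit(request_id, "Database", f"{len(rows)} row(s)")
    return request_id, rows


def journey(request_id):
    """Reconstruct the ordered list of (stage, payload) hops for one request."""
    return [(e["stage"], e["payload"]) for e in LOG if e["request_id"] == request_id]


def demo_db():
    # Constructed sample data for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("admin",), ("alice",)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    for payload in ["admin", "' OR '1'='1", "' OR 1=1 --"]:
        rid, _ = handle_login(conn, payload)
        print(json.dumps({"request_id": rid, "hops": journey(rid)}, indent=1))
```

Run it and compare the three journeys: the benign name passes every tier unchanged, the comment-based payload stops at the WAF, and the quote-based payload is visibly rewritten by the sanitizer before it reaches the query builder, which is the transformation the visualizer is meant to surface.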
3. Narrative “Scenario-Based” Missions
Goal: Shift focus from exploring pages to completing structured security missions.
- Mechanism: A MissionProvider tracks specific objectives (e.g., “Bypass the Insurance MFA”). Scenarios can dynamically reconfigure the API’s vulnerability profile.
- Value: Provides context and narrative drive for learners.
4. Theory-to-Practice (Contextual Documentation)
Goal: Map practical exploits directly to industry standards.
- Mechanism: Link specific findings in XRayInspector and VulnerabilityModal to OWASP Top 10 and CWE entries.
- Value: Teaches the formal language of security during the practical experience.
5. Defensive Layers Control Panel
Goal: Allow comparison between secured and insecure system states.
- Mechanism: A central dashboard to toggle global security features (CSRF protection, CSP, SQLi sanitization, etc.) on or off.
- Value: Demonstrates the impact of specific defensive controls on the same exploit payload.
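The following is an added example, not Chimera's code, covering the shared mechanism behind the Remediation Sandbox (section 1) and the Defensive Layers Control Panel (section 5): a global profile set from the dashboard, per-session overrides set when a learner applies a fix or a mission reconfigures the API, and endpoints that dispatch to vulnerable or patched logic based on the effective profile. The `Profile`, `ControlPanel`, `lookup_user` and `change_email` names, the flag names and the `users` table are assumptions made for the demo; Python is used because the page does not state the API's language. The patched SQL branch uses a bound parameter, which is the remediation a sandbox would accept for the “SQLi sanitization” control.

```python
import sqlite3
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Profile:
    """One toggle per defensive control on the panel (flag names are assumptions)."""
    sqli_sanitization: bool = True
    csrf_check: bool = True


class ControlPanel:
    """Global state from the dashboard plus per-session overrides from a sandbox or mission."""

    def __init__(self, **flags):
        self.global_profile = Profile(**flags)
        self.session_overrides = {}

    def toggle(self, **flags):
        # Dashboard action: changes the global state for every session without an override.
        self.global_profile = replace(self.global_profile, **flags)

    def override(self, session_id, **flags):
        # Sandbox or mission action: scoped to one session so one learner's fix
        # does not silently change what other learners see.
        self.session_overrides[session_id] = flags

    def effective(self, session_id):
        return replace(self.global_profile, **self.session_overrides.get(session_id, {}))


def lookup_user_vulnerable(conn, name):
    # Vulnerable branch: SQL assembled by string formatting.
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


def lookup_user_patched(conn, name):
    # Patched branch: the value travels as a bound parameter, never as SQL text.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def lookup_user(panel, conn, session_id, name):
    """Endpoint that picks its implementation from the effective profile."""
    if panel.effective(session_id).sqli_sanitization:
        return lookup_user_patched(conn, name)
    return lookup_user_vulnerable(conn, name)


def change_email(panel, session_id, session_token, form):
    """State-changing endpoint; returns True if the request is accepted under the profile."""
    if panel.effective(session_id).csrf_check and form.get("csrf_token") != session_token:
        return False
    return True


def demo_db():
    # Constructed sample data for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("admin",), ("alice",)])
    return conn


if __name__ == "__main__":
    panel, conn = ControlPanel(), demo_db()
    payload = "' OR '1'='1"
    print("default      :", lookup_user(panel, conn, "s1", payload))
    panel.toggle(sqli_sanitization=False)            # dashboard: control switched off
    print("global off   :", lookup_user(panel, conn, "s1", payload))
    panel.override("s1", sqli_sanitization=True)     # s1 applied the fix in the sandbox
    print("s1 patched   :", lookup_user(panel, conn, "s1", payload))
    print("s2 still off :", lookup_user(panel, conn, "s2", payload))
```

The same payload is sent four times; only the profile changes. With the control off, the injected `' OR '1'='1` turns the query into `name = '' OR '1'='1'` and every row comes back, while the patched branch treats the whole string as a literal name and returns nothing. Resolving the profile per request, rather than caching it at startup, is what lets a toggle or a sandbox fix take effect on the very next request.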