New info on assignments

TopDog.tex

@@ -104,7 +104,7 @@ that it was not designed for.
 
 \section{Overview}
 In the LiU TopDog 2017 challenge you will practice
-penetration testing. Using a set of increasingly difficult challenges, you will
+penetration testing. Using a set of increasingly difficult assignments, you will
 gradually learn the basics of how an adversary might exploit badly designed
 applications and security systems. The goal is to give you the basics in
 practical security work and understand some common pitfalls when developing web
@@ -187,7 +187,7 @@ group. Please note the following:
 Tip: Generate a random password
 and write it down on a note in your wallet!
 
-\section{First login}
+\section{User account registration}\cref{sec:register}
 Now go to
 \href{http://snickerboa.it.liu.se/register.jsp}{http://snickerboa.it.liu.se/register.jsp} and
 register an account, see \cref{fig:login}. Note that the registration link is
@@ -213,41 +213,26 @@ login username and password before contacting us (see \cref{sec:contact}).
     \caption{The TopDog login page.\label{fig:login}}
 \end{figure}
 
-\section{Scoreboard}
-Whenever you finish a lesson or challenge, it will show up on the LiU TopDog
-scoreboard. The scoreboard can be seen by any participant in the course, so you
-can track your progress relative to the other students. The scoreboard is just
-for fun, and passing the lab means finishing the required modules in
-\cref{sec:challenges}, nothing else. The bonus points have nothing do do with
-your grade! See \cref{fig:scoreboard} for an example of what the scoreboard
-looks like. For each completed lesson or challenge you will receive points, so
-the more challenges you finish, the more bragging rights you have in the line to
-Baljan. Also, harder challenges give more points.
-
-Your name will not appear on the scoreboard until you have finished your first
-challenge. There is also a small bonus for being the first student to
-finish a given lesson or challenge in the form of medals. A gold medal is
-awarded to a group who finishes a lesson or challenge nobody else has finished
-yet. A silver medal is given to the second one, and bronze to the third. In the
-scoreboard there will therefore be users with medals in addition to the normal
-point score. These medals give extra points to the scoreboard.
-
-But remember, the scoreboard is just for fun. It has nothing to do with actually
-passing the lab!
-\begin{landscape}
-    \begin{figure}
-        \centering
-        \includegraphics[width=.9\linewidth]{scoreboard.png}
-        \caption{The TopDog scoreboard from 2016. Note the medals on some of the usernames.}
-        \label{fig:scoreboard}
-    \end{figure}
-\end{landscape}
 
 \chapter{Performing the Lab}
 TopDog contains a number of modules that cover different topics in
 web pentesting. It also offers a number of lessons that give a gentle
 introduction to the topic on hand.
 
+
+
+\section{Assignments}\label{sec:assignments}
+In order to pass the lab, you are required to finish all 21 assignments. In
+order to prepare yourself for the assignments, there are also lessons which give
+a gentle introduction to the topic at hand. You can solve the assignments in any
+order you want.
+
+There are also challenges which can be performed if you wish to try your luck.
+Note that the lab assistant will not help you with the challenges, you have to
+do your own research here.
+
+\section{Result keys}
+
 For each lesson and challenge your goal is to retrieve the so-called
 \enquote{result key}. When you finish a lesson or challenge, TopDog
 detects that \enquote{it has been hacked} and gives you the key. Paste this key
@@ -265,7 +250,56 @@ like the following:
 Whenever you receive a result key, paste it to the \enquote{Submit Result Key
 Here} box on the top of the screen.
 
-\section{Lessons}
+\section{Finishing the lab}
+You are done with the lab when you have finished the 21 required assignments.
+When this is done, make sure you have signed the lab attendance list (available
+at the lectures and the coaching sessions) and then send an email to the
+\textbf{Lab E-mail} (see \cref{sec:contact}) and we will then check that you
+have done everything required of you. If you have passed we will reply with an
+OK. Check \cref{sec:deadline} for information on when the deadline is. The
+deadline is strict and the server will be taken offline afterwards!
+
+\section{Best Practices}
+It is a good idea to keep notes of how you pass each challenge. While your
+progress on the server is backed up frequently we can never be too sure. Save
+your notes so you can get back to where you were in case of a catastrophic
+server failure.
+
+\section{Scoreboard}
+Whenever you finish a lesson, assignment, or challenge, it will show up on the
+LiU TopDog scoreboard. The scoreboard is public, and anybody can see the
+progress of the different groups. In addition, the scoreboard will be displayed
+on monitors around the campus, so the whole University will see how well you are
+doing.
+
+The scoreboard is just for fun, and in order to pass you are only required to
+finish the assignments. If you have finished the assignments and want more
+points, you are welcome to try the challenges. Again: the scoreboard has nothing
+do do with your grade! See \cref{fig:scoreboard} for an example of what the
+scoreboard looks like. For each completed lesson, assignment, or challenge you
+will receive points, so the more challenges you finish, the more bragging rights
+you have. Also, harder challenges give more points.
+
+Your name will not appear on the scoreboard until you have finished your first
+challenge. There is also a small bonus for being the first student to
+finish a given lesson or challenge in the form of medals. A gold medal is
+awarded to a group who finishes a lesson or challenge nobody else has finished
+yet. A silver medal is given to the second one, and bronze to the third. In the
+scoreboard there will therefore be users with medals in addition to the normal
+point score. These medals give extra points to the scoreboard!
+
+But remember, the scoreboard is just for fun. It has nothing to do with actually
+passing the lab.
+\begin{landscape}
+    \begin{figure}
+        \centering
+        \includegraphics[width=.9\linewidth]{scoreboard.png}
+        \caption{The TopDog scoreboard from 2016. Note the medals on some of the usernames.}
+        \label{fig:scoreboard}
+    \end{figure}
+\end{landscape}
+
+\section{List of lessons}
 The following lessons are available:
 \begin{description}\label{sec:lessons}
     \item[Broken Session Management]
@@ -280,18 +314,8 @@ The following lessons are available:
     \item[Unvalidated Redirects and Forwards]
 \end{description}
 
-\section{Best Practices}
-It is a good idea to keep notes of how you pass each challenge. While your
-progress on the server is backed up frequently we can never be too sure. Save
-your notes so you can get back to where you were in case of a catastrophic
-server failure.
-
-This is the first time we have ever attempted to give a lab course that is this
-complex. We have put a lot of work into making the lab interesting and to run
-the actual server. If you have any ideas or suggestions we are all ears!
-
-\section{Challenges}\label{sec:challenges}
-The following 21 challenges are required to pass the lab, and you are free to do the challenges in any order you want.
+\section{List of assignments}
+Below are the required assignments (there are hidden hints!):
 \begin{description}
     \item[Session Management Challenge 1]
         {\color{white}Try replacing \enquote{user} with
@@ -346,17 +370,6 @@ The following 21 challenges are required to pass the lab, and you are free to do
             should have 10 million in it. You should be able to figure out the rest.
         See \cref{sec:faq-bank} if there's not enough money anywhere!}
 \end{description}
-There are hidden hints!
-
-\section{Finishing the lab}
-You are done with the lab when you have finished the 21 required challenges
-listed in \cref{sec:challenges}. When this is done, make sure you have signed
-the lab attendance list (available at the lectures and the coaching sessions)
-and then send an email to the
-\textbf{Lab E-mail} (see \cref{sec:contact}) and we will then check that you
-have done everything required of you. If you have passed we will reply with an
-OK. Check \cref{sec:deadline} for information on when the deadline is. The
-deadline is strict and the server will be taken offline after!
 
 \chapter{Frequently Asked Questions (FAQ)}
 This section will be updated with frequently asked questions about the lab.
@@ -370,20 +383,17 @@ unplanned). If we are doing some planned work on the server this will be posted
 on Lisam.
 
 If the server is still down and there's nothing on Lisam saying it's a planned
-outage, the server might be down. Please send an e-mail to Jonathan at
-\href{mailto:jonathan.jogenfors@liu.se}{jonathan.jogenfors@liu.se} containing a
-description of the problem. Only use this e-mail address for technical issues
-with the server. For all other questions, see
-\cref{sec:contact}.
+outage, the server might be down. Please send an e-mail to the lab assistant,
+see \cref{sec:contact}.
 
 \section{How do I create a TopDog account?}
-The link to the registration page can be found in Lisam.
+See \cref{sec:register}.
 
 \section{How can I get bonus points for the exam?}
 The scoreboard and its points, bonus points, and medals is for fun only. They
 have absolutely nothing to do with passing the lab or with the examination of
-the course. There is a hidden scoreboard that where the lab assistant can see
-which modules you have completed.
+the course. The lab assistant can see how many assignments you have finished,
+independently of the scoreboard.
 
 \section{What happens if I can't go to the coaching session?}
 The coaching sessions are not a compulsory part of the course. If you can't
@@ -399,9 +409,8 @@ Try your skills on the challenges! If this is still not enough, check out
 \section{I don't get a result key, only \enquote{Key Should be here! Please
         refresh the home page and try again! If that doesn't work, sign in and out
 again!}}
-This is probably because you created a username with non-latin characters such
-as å, ä and ö. If this is the case, contact us (\cref{sec:contact}) and we'll
-help you change your username to a sane one.
+This is a bug that sometimes happens. Contact us (\cref{sec:contact}) and we'll
+help you.
 
 \section{The result key in insecure crypto challenges isn't working!}
 Make sure you check that you've got UPPERCASE/lowercase correctly. Some online