INFOSEC ROCKS is a collection of activities and training resources for anyone interested in learning about information security topics in a fun and easy way.

Instructor-led Activities

Crypto Cramming
A series of activities that overviews the early early forms of cryptography and modern encryption on the Internet.
Prerequisites: None!

Colorful Key Exchange
An activity that demonstrates how the Diffie-Hellman key exchange works using jars of water and food coloring.
Prerequisites: None!

Self-guided Learning

Learn the web like a hacker
Learn the web like a hacker is a beginner-level activity in which you pretend to be a hacker exploiting a common web security flaw to learn some of the building blocks of modern websites: HTML, stylesheets and scripts. The course links to several external resources for aspiring webmasters and web hackers; if this is your first foray into web security, it will give you some background useful for tackling the more complicated challenges (handout).
Prerequisites: None

Learn XSS
Learn XSS is an interactive guide that describes cross-site scripting (XSS),  the most common web security flaw on the Internet.
Prerequisites: Basic knowledge of web application programming (e.g. HTML, Javascript) is helpful.

XSS War Games
XSS War Games is a self-guided training application that guides you through increasingly difficult, "find and exploit XSS" exercises. With increased knowledge of how to find and exploit XSS, you can help improve the security of software you use and better prevent bugs from happening in the first place (handout).
Prerequisites: Basic knowledge of web application programming (e.g. HTML, Javascript) is helpful.

Gruyere
Gruyere is a web application that, like the cheese, has tiny (security) holes.This self-guided codelab will teach you about how to find and fix common web application vulnerabilities, like XSS, XSRF, path traversal, and more.
Prerequisites: Basic knowledge of web application development (e.g. HTML, Javascript)

Real World Practice