Google Blogoscoped

Forum

Google: Do know evil: Web application vulnerabilities

Juha-Matti Laurio [PersonRank 10]

Wednesday, May 5, 2010

googleonlinesecurity.blogspot. ...

From the post:

"....
One codelab in particular teaches developers about common types of web application vulnerabilities. In the spirit of the thinking that "it takes a hacker to catch a hacker," the codelab also demonstrates how an attacker could exploit such vulnerabilities.

We're releasing this codelab, entitled "Web Application Exploits and Defenses," today in coordination with Google Code University and Google Labs to help software developers better recognize, fix, and avoid similar flaws in their own applications. The codelab is built around Jarlsberg, a small yet full-featured microblogging application designed to contain lots of security bugs.
...."

jarlsberg.appspot.com/

code.google.com/edu/

ianf [PersonRank 10]

4 years ago

"This codelab is built around Jarlsberg /yärlz'·bərg/, a small, cheesy web application [...]"

I'm not competent to judge the validity of the learning concept, but find it hilarious that a special workbench application has been designed with lots of exploitable security bugs/threat vectors just to allow their discovery and thwarting by students. Apt name, too. A Jarlsberg-brand cheese is presently on my table, some of it in my stomach, and I am NOT, I assure you, a common household mouse.

mbegin [PersonRank 10]

4 years ago

<< This codelab shows how web applications can be exploited and how to defend against that. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:

-How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).

-How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. >>

googlelabs.com/show_details?ap ...
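Both posts above mention the two bug classes the codelab starts with, cross-site scripting (XSS) and cross-site request forgery (XSRF), in the setting of a microblog that stores and displays user snippets. The block below is an added illustration of that pairing, not code from Jarlsberg or from the codelab: a toy snippet-rendering function and a toy "post snippet" handler, each in a vulnerable form beside its fixed form. The `Request` and `Session` classes, the handler names and the `SERVER_SECRET` value are all hypothetical, constructed so the example runs offline.

```python
"""XSS and XSRF in a toy microblog: vulnerable handlers beside fixed ones.

Added example, not Jarlsberg's code. Request, Session, the handler names
and SERVER_SECRET are hypothetical and constructed for this illustration.
"""
import hashlib
import hmac
import html
from dataclasses import dataclass, field

# Constructed server-side secret for deriving XSRF tokens; a real deployment
# would load this from configuration, not hard-code it.
SERVER_SECRET = b"example-secret-do-not-ship"


@dataclass
class Request:
    """Tiny stand-in for a web framework's request object (constructed)."""
    method: str
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


@dataclass
class Session:
    """Server-side session: the logged-in user and their stored snippets."""
    user: str
    snippets: list = field(default_factory=list)


# --- XSS: rendering a stored snippet ---------------------------------------

def render_snippet_vulnerable(author, text):
    # Bug: user-controlled text is interpolated straight into HTML, so a
    # snippet like "<script>...</script>" executes in every viewer's browser.
    return f"<div class=snippet><b>{author}</b>: {text}</div>"


def render_snippet_safe(author, text):
    # Fix: escape at the HTML output boundary. html.escape turns < > & " '
    # into entities, so the browser renders the text instead of parsing it.
    return (f"<div class=snippet><b>{html.escape(author)}</b>: "
            f"{html.escape(text)}</div>")


# --- XSRF: accepting a "post snippet" request ------------------------------

def csrf_token_for(session_id):
    # Token bound to the session with a keyed hash: a third-party page cannot
    # compute it, and the server need not store anything extra.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def post_snippet_vulnerable(req, sessions):
    # Bug: the only authorization signal is the session cookie, which the
    # browser attaches to cross-site form posts automatically. A hidden
    # auto-submitting form on an attacker's page posts as the victim.
    sess = sessions.get(req.cookies.get("sid"))
    if req.method != "POST" or sess is None:
        return 403, "forbidden"
    sess.snippets.append(req.form.get("text", ""))
    return 200, "ok"


def post_snippet_safe(req, sessions):
    # Fix: additionally require a per-session token in the request body.
    # A cross-site page cannot read the token (same-origin policy), so it
    # cannot forge a valid request. Compare in constant time.
    sid = req.cookies.get("sid")
    sess = sessions.get(sid)
    if req.method != "POST" or sess is None:
        return 403, "forbidden"
    expected = csrf_token_for(sid).encode()
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return 403, "bad csrf token"
    sess.snippets.append(req.form.get("text", ""))
    return 200, "ok"


def demo():
    """Run the attacks against both variants; returns the outcomes."""
    payload = "<script>alert(document.cookie)</script>"
    sessions = {"s1": Session("alice")}
    # Constructed forged request: what the victim's browser would send from
    # an attacker-controlled page. No csrf_token, but the cookie rides along.
    forged = Request("POST", {"text": "pwned"}, {"sid": "s1"})
    legit = Request("POST", {"text": "hi", "csrf_token": csrf_token_for("s1")},
                    {"sid": "s1"})
    return {
        "xss_vulnerable_executes": "<script>" in render_snippet_vulnerable("mallory", payload),
        "xss_safe_executes": "<script>" in render_snippet_safe("mallory", payload),
        "xsrf_vulnerable_status": post_snippet_vulnerable(forged, sessions)[0],
        "xsrf_safe_forged_status": post_snippet_safe(forged, sessions)[0],
        "xsrf_safe_legit_status": post_snippet_safe(legit, sessions)[0],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same two ideas carry over to any web stack: encode user data for the context it is emitted into (HTML body here; attribute, URL and JavaScript contexts need their own encoders), and tie state-changing requests to a secret the cross-site attacker cannot read rather than to the cookie alone.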
