http://googleonlinesecurity.blogspot.com/2010/05/do-know-evil-web-application.html
From the post:
".... One codelab in particular teaches developers about common types of web application vulnerabilities. In the spirit of the thinking that "it takes a hacker to catch a hacker," the codelab also demonstrates how an attacker could exploit such vulnerabilities.
We're releasing this codelab, entitled "Web Application Exploits and Defenses," today in coordination with Google Code University and Google Labs to help software developers better recognize, fix, and avoid similar flaws in their own applications. The codelab is built around Jarlsberg, a small yet full-featured microblogging application designed to contain lots of security bugs. ...."
http://jarlsberg.appspot.com/
http://code.google.com/edu/
"This codelab is built around Jarlsberg /yärlz'·bərg/, a small, cheesy web application [...]"
I'm not competent to judge the validity of the learning concept, but find it hilarious that a special workbench application has been designed with lots of exploitable security bugs/threat vectors just to allow their discovery and thwarting by students. Apt name, too. A Jarlsberg-brand cheese is presently on my table, some of it in my stomach, and I am NOT, I assure you, a common household mouse.
<< This codelab shows how web applications can be exploited and how to defend against that. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
-How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
-How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. >>
http://www.googlelabs.com/show_details?app_key=agtnbGFiczIwLXd3d3IVCxIMTGFic0FwcE1vZGVsGOzipQEM