Topic: Google training on Web Application Exploits and Defenses
Manu Zacharia (-M-)
« on: May 19, 2010, 12:09:10 AM »

Google has come out with an online tutorial that gives security enthusiasts an opportunity to play the role of an intruder by exploiting real security vulnerabilities in a mock web application.

Quote
Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.

The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.

The online website - http://jarlsberg.appspot.com/
the instructor's guide - http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf

Click the following links for more information:

http://www.theregister.co.uk/2010/05/05/google_web_app_security_course/

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
H1t M0nk3y
« Reply #1 on: May 19, 2010, 06:57:17 AM »

Very interesting!

I have played with WebGoat and liked the idea a lot. I wonder how the one from Google is different from WebGoat...

I will give it a try as soon as I have 2 minutes!!!

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
sarathmedia
« Reply #2 on: September 23, 2010, 10:58:35 PM »

Thanks for the info, bro... but I regret to see that the link below isn't working:

http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf
:(
don
« Reply #3 on: September 25, 2010, 03:51:18 PM »

Clicking on:

http://jarlsberg.appspot.com/

One can quickly see the headline that they changed the name of the project. A quick Google search of 'Gruyere Instructor's Guide' found:

http://code.google.com/edu/submissions/gruyere/Gruyere_Instructors_Guide.pdf

Not judging, but a little bit of a hacker's mindset of being curious and a desire to figure things out would have led to not only an easy solution, but then you could have been the one to provide the answer before people even knew the question. ;-)

Don
« Last Edit: September 25, 2010, 03:54:38 PM by don »

CISSP, MCSE, CSTA, Security+ SME