The Ethical Hacker Network - Google training on Web Application Exploits and Defenses

Manu Zacharia (-M-)

Sr. Member

Offline

Posts: 393

c0c0n Hacking Conference - where hackers unite

Google training on Web Application Exploits and Defenses

« on: May 19, 2010, 12:09:10 AM »

Google has come out with an online tutorial that gives security enthusiasts an opportunity to play the role of an intruder by exploiting real security vulnerabilities in a mock web application.

Quote

Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.

The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.

The online website - http://jarlsberg.appspot.com/
the instructor's guide - http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf

Click the following links for more information:

http://www.theregister.co.uk/2010/05/05/google_web_app_security_course/


	Logged

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

H1t M0nk3y

Hero Member

Offline

Posts: 865

Re: Google training on Web Application Exploits and Defenses

« Reply #1 on: May 19, 2010, 06:57:17 AM »

Very interesting!

I have played with WebGoat and liked the idea a lot. I wonder how the one from Google is different from WebGoat...

I will give it a try as soon as I have 2 minutes!!!


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

sarathmedia

Newbie

Offline

Posts: 3

Re: Google training on Web Application Exploits and Defenses

« Reply #2 on: September 23, 2010, 10:58:35 PM »

thanx for the info. bro...but regret to see that the below link isn't working:

http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf
Sad


	Logged

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4169

Editor-In-Chief

Re: Google training on Web Application Exploits and Defenses

« Reply #3 on: September 25, 2010, 03:51:18 PM »

Clicking on:

http://jarlsberg.appspot.com/

One can quickly see the headline that they changed the name of the project. A quick Google search of 'Gruyere Instructor's Guide' found:

http://code.google.com/edu/submissions/gruyere/Gruyere_Instructors_Guide.pdf

Not judging, but a little bit of a hacker's mindset of being curious and a desire to figure things out would have led to not only an easy solution, but then you could have been the one to provide the answer before people even knew the question. ;-)

Don


« Last Edit: September 25, 2010, 03:54:38 PM by don »	Logged

CISSP, MCSE, CSTA, Security+ SME

Pages: [1] Go Up

« previous next »