
Google training on Web Application Exploits and Defenses


morpheus063

Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Wed May 19, 2010 12:09 am

Google training on Web Application Exploits and Defenses

Google has come out with an online tutorial that gives security enthusiasts an opportunity to play the role of an intruder by exploiting real security vulnerabilities in a mock web application.

Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.

The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.


The online website - http://jarlsberg.appspot.com/
The instructor's guide - http://code.google.com/edu/submissions/ ... _Guide.pdf

Click the following links for more information:

http://www.theregister.co.uk/2010/05/05 ... ty_course/
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed May 19, 2010 6:57 am

Re: Google training on Web Application Exploits and Defenses

Very interesting!

I have played with WebGoat and liked the idea a lot. I wonder how the one from Google is different from WebGoat...

I will give it a try as soon as I have 2 minutes!!!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

sarathmedia

Newbie

Posts: 3

Joined: Sun Jun 17, 2007 4:00 am

Post Thu Sep 23, 2010 10:58 pm

Re: Google training on Web Application Exploits and Defenses

Thanks for the info, bro... but regret to see that the below link isn't working:

http://code.google.com/edu/submissions/ ... _Guide.pdf
:(

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 25, 2010 3:51 pm

Re: Google training on Web Application Exploits and Defenses

Clicking on:

http://jarlsberg.appspot.com/

One can quickly see the headline that they changed the name of the project. A quick Google search of 'Gruyere Instructor's Guide' found:

http://code.google.com/edu/submissions/ ... _Guide.pdf

Not judging, but a little bit of a hacker's mindset of being curious and a desire to figure things out would have led to not only an easy solution, but then you could have been the one to provide the answer before people even knew the question. ;-)

Don
Last edited by don on Sat Sep 25, 2010 3:54 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
