Google Releases a Web-App Case Study For Hackers
Hugh Pickens writes "The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities."
"In black box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior, while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions, but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed."
That's brilliant (Score:4, Funny)
The hard part, though, will be keeping up with all the patches for 0-day missing-vulnerabilities.
Try Jarlsberg, the newest app from Google... (Score:4, Funny)
It's odd to see Google striving to be like Microsoft.
For those who may ask... (Score:4, Funny)
Obligatory (Score:4, Funny)
Customer: Jarlsberg, perhaps?
Owner: Ah! We have Jarlsberg, yessir.
Customer: (surprised) You do! Excellent.
Owner: Yessir. It's..ah,.....it's a bit runny...
Customer: Oh, I like it runny.
Owner: Well,.. It's very runny, actually, sir.
Customer: No matter. Fetch hither the cheese of Norway! Mmmwah!
Owner: I...think it's a bit runnier than you'll like it, sir.
Customer: I don't care how fucking runny it is. Hand it over with all speed.
Owner: Oooooooooohhh........! (pause)
Customer: What now?
Owner: The cat's eaten it.
Customer: (pause) Has he.
Owner: She, sir.
Ooh, cheese! (Score:4, Funny)
Cheese is a kind of meat
A tasty yellow beef
I milk it from my teat
But I try to be discreet
Ooh, cheese.
Ooh, cheese.
Re:Web Goat (Score:5, Funny)
Re:Jarlsberg (Score:3, Funny)
Re:That's brilliant (Score:4, Funny)
Five bucks says we start seeing this code in copy-paste applications soon because people too lazy to write and understand the code they're producing are also too lazy to look where the code came from...
I hate you for how plausible that sounds.
Jarlsberg (Score:1, Funny)
Re:That's brilliant (Score:2, Funny)
that's what I'm here for ;)