Google Releases a Web-App Case Study For Hackers

Google Releases a Web-App Case Study For Hackers 95

Posted by timothy on Wednesday May 05, 2010 @04:49PM from the just-this-once dept.

Hugh Pickens writes "The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities." (Read on for more.)

"In black box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed."

Google Releases a Web-App Case Study For Hackers

This discussion has been archived. No new comments can be posted.

Search 95 Comments Log In/Create an Account

Comments Filter:

Jarlsberg (Score:5, Informative)

by clone53421 ( 1310749 ) writes: on Wednesday May 05, 2010 @05:02PM (#32104458) Journal

For those who missed the reference, Jarlsberg [wikipedia.org] is a variety of cheese which has large, irregular holes.

Re:a tutorial from China (Score:2, Informative)

by FuckingNickName ( 1362625 ) writes: on Wednesday May 05, 2010 @05:26PM (#32104746) Journal

Android is built on Linux, which is open source. Google's apps on Android are closed source.
Chromium is built on WebKit, which is built on KDE's HTML rendering engine, which is open source. Chrome is closed source.
So even when they're taking great advantage of open source, like Apple, they can't resist making sure the full kaboodle is closed. And these are just just their minor projects.
Their major search thing is as closed as they promised it wouldn't be (though no-one remembers that any more).

HackThisSite (Score:3, Informative)

by brainfsck ( 1078697 ) writes: on Wednesday May 05, 2010 @05:50PM (#32104972)

I had fun messing around on the site. If you're interested in this sort of thing, HackThisSite.org [hackthissite.org] has about a dozen similar "Realistic Missions" as well as forums and many other types of security-related challenges.

Web Goat (Score:4, Informative)

by dhadley519 ( 876667 ) * writes: on Wednesday May 05, 2010 @06:17PM (#32105266)

Interested parties should also be aware of web goat by the owasp team. http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project [owasp.org]

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Google Releases a Web-App Case Study For Hackers 95

Google Releases a Web-App Case Study For Hackers More Login

Google Releases a Web-App Case Study For Hackers

Jarlsberg (Score:5, Informative)

Re:a tutorial from China (Score:2, Informative)

HackThisSite (Score:3, Informative)

Web Goat (Score:4, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot