Google Releases a Web-App Case Study For Hackers
Hugh Pickens writes "The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities." (Read on for more.)
"In black-box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior, while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions, but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed."
First post.
Exploiting a page-layout vulnerability whereby my reply will be the 2nd post even though it chronologically isn't.
A link to the User Manual, I believe.
http://preview.socuteurl.com/wuvvywiddlecuddlefish
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Every Sunday, I go to the park dressed as an old woman. My purse is open, I have a heavy gold necklace on, and I am counting my money in my wallet. It's a teaching exercise in taking advantage of old women. Anything they get from me, they get to keep. In this way, I hope to educate... and so on and so forth ... to cut a long story short, the end result will be that old women will be more secure in my area.