Google Releases Web App Security Course
Google has released a new online training course for Web application developers designed to teach them how to avoid common programming mistakes that lead to vulnerabilities such as cross-site scripting, cross-site request forgery and others.
The course, which is part of the company's Google Code University, is based around the concept of a Twitter-like application called Jarlsberg, an actual app that Google is releasing as part of the course. Known as "Web Application Exploits and Defenses," the course gives developers the opportunity to see the inner workings of a fundamentally insecure application, analyze the vulnerabilities and learn about the programming mistakes that led to those flaws.
"This codelab is built around Jarlsberg /yärlz'·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. 'Unfortunately,' Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general," the course's documentation says.
The secure development course is built around a series of challenges that require students to go through and identify specific vulnerabilities in the Jarlsberg code. After the students learn the basics of a vulnerability such as CSRF, they're then asked to find a way to use that flaw to perform a specific malicious action in the application, such as changing some detail of a logged-in user's account without his knowledge.
Secure-coding classes for developers are nothing new, nor are the kind of ethical hacking classes that give students the chance to learn basic attack techniques. But the idea of giving developers the chance to go after vulnerabilities in a Web application specifically designed for that purpose is somewhat novel, and probably much-needed, given how little security instruction most Web application developers get.
The security course is open to anyone and available for free, and the Jarlsberg code can be downloaded for free, as well.
Comments
From those of us for whom this information is a foreign language to those of you for whom it is just what the doctor ordered: God bless, apply it to our business when we come across you!
<a href="Hello World.com"> Hello</a>