Google Offers Web App Training Course
Google has opened a new training course for Web app developers on their Google Code University‘s website which will teach developers about common programming errors that leave vulnerabilities.
The course is based on Jarlsburg, a Twitter like application released by Google as part of the course. The course, “Web Application Exploits and Defenses,” allows students to view an insecure application, assess the vulnerabilities and learn from the mistakes made in the programming that led to the vulnerabilities.
“This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general,” according to course documents.
The course requires students to undergo several assignments in which students must identify vulnerabilities in the Jarlsberg code. Once students have a firm grasp of basic vulnerabilities, they must try and use the exploit to carry out a malicious action on the application.
The course is free and available to everyone. The Jarlsberg code can also be downloaded for free.
Related posts:
