Showing posts from May, 2010

Google's Web Application Security Training Resource - Jarlsberg.appspot.com

"Do no evil". No really. The Google software team is really firing on all cylinders lately: first it was a passive web application security tool, ratproxy, then the active web application security assessment tool skipfish, and now the people at Google Code University have released a training framework for web developers, security analysts, and anyone else interested in some of the most prevalent web application security threats. Google Code University has released a distributable web application named Jarlsberg, coded in Python, which provides excellent examples of vulnerable application issues. This includes some common and less-than-common tests (Reflected XSS via AJAX!), including XSS, XSRF, DoS, Code Execution, SQLi, and various others. Before this, people used WebGoat and other vulnerable applications that came packaged in some of the more popular security live CDs. This makes all of those obsolete, as it is simple to set up and use, and to reset back to origin