Jarlsberg was written specifically to teach developers about security vulnerabilities, and for this reason the code is full of security flaws. According to the tutorial, "Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution." The application is written in Python, though Google notes that the security bugs are not Python-specific.
Jarlsberg's source code is published under the Creative Commons license and the tutorial is part of Google's Code University.
It Takes a Hacker to Catch a Hacker
As Google's Bruce Leban notes, "it takes a hacker to catch a hacker," and the tutorial is meant to teach programmers to think like an attacker and to learn how hackers find security vulnerabilities. Leban also points out that the security bugs in the application are very typical and similar to those found in many applications today.