New Google recruits learn how to protect their web applications against security threats with the help of technical presentations and interactive tutorials. Today, Google is making its “Web Application Exploits and Defenses” tutorial available to everybody on the Internet. Part of this tutorial includes Jarlsberg, a full-featured microblogging application that was developed with a single purpose: to be hacked.
Jarlsberg was written specifically to teach developers about security vulnerabilities and for this reason, the code is full of security flaws. According to the tutorial, “Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution.” The application is written in Python, though Google notes that the security bugs are not Python-specific.
Jarlsberg’s source code is published under the Creative Commons license and the tutorial is part of Google’s Code University.
It Takes a Hacker to Catch a Hacker
As Google’s Bruce Leban notes, “it takes a hacker to catch a hacker,” and the tutorial is meant to teach programmers to think like an attacker and to learn how hackers find security vulnerabilities. Leban also points out that the security bugs in the application are very typical and similar to those found in many applications today.