Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Security

Submission + - Google Releases a Tutorial for Hackers 1

Hugh Pickens writes: ""Learn how hackers find security vulnerabilities and exploit web applications!" as the San Francisco Chronicle reports that Google has released Jarlsberg, a "small, cheesy" web application specifically designed to be full of bugs and security flaws as a security tutorial for coders and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities. In black box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed."

Slashdot Top Deals

I consider a new device or technology to have been culturally accepted when it has been used to commit a murder. -- M. Gallaher

Working...