Thursday, May 6, 2010

How to Hack Web Applications

I’ve been evaluating Google’s Web Application and Defences tutorial over the past day or so. Based around a fictitious web application called Jarlsberg, it consists of a series of exercises that allow the student to exploit the numerous security holes on the site. The vulnerabilities include Cross-Site Scripting (XSS) in its many forms, Cross-Site Request Forgery (XSRF), path traversal, Denial of Service (DoS), privilege escalation, AJAX vulnerabilities and remote code execution. The main absentees are SQL injection and buffer overflows.

Although a basic understanding of HTML and JavaScript is necessary to understand the content, you don’t need to be an experienced web developer to benefit from the tutorial. Its main plus point is seeing exploits in action to demonstrate the damage they can cause. In the past I’ve sometimes had problems explaining quite why something like an XSRF vulnerability is a risk to a web site.
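To make the XSRF point concrete, here is an added example (my own illustration, not code from the Jarlsberg tutorial or from Google) of a toy Python "transfer" handler in two versions. The browser attaches the victim's session cookie to any form post, whatever page the form came from, so a handler that trusts the cookie alone will act on a cross-origin submission; a handler that also demands a per-session anti-XSRF token rejects it, because a third-party page cannot read that token. The session store, the handler names and the form fields are all constructed for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}


def login(user):
    """Create a session for `user` and return the session id the browser would hold as a cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid


def _session_from_cookies(cookies):
    return SESSIONS.get(cookies.get("session", ""))


def transfer_vulnerable(cookies, form):
    """Trusts the session cookie alone: any page that gets the browser to post here succeeds."""
    sess = _session_from_cookies(cookies)
    if sess is None:
        return ("401", None)
    return ("200", {"from": sess["user"], "to": form["to"], "amount": int(form["amount"])})


def transfer_protected(cookies, form):
    """Same action, but also requires the per-session token that only the real site's pages embed."""
    sess = _session_from_cookies(cookies)
    if sess is None:
        return ("401", None)
    supplied = form.get("csrf_token", "")
    # Constant-time compare so the check does not leak the token by timing.
    if not hmac.compare_digest(supplied, sess["csrf"]):
        return ("403", None)
    return ("200", {"from": sess["user"], "to": form["to"], "amount": int(form["amount"])})


def same_site_post(handler, sid, to, amount):
    """A form rendered by the real site: the page embeds the session's token in a hidden field."""
    form = {"to": to, "amount": str(amount), "csrf_token": SESSIONS[sid]["csrf"]}
    return handler({"session": sid}, form)


def cross_site_post(handler, sid, to, amount):
    """A form on some other origin: the browser still sends the cookie, but the
    page cannot read the victim's token, so the field is absent."""
    form = {"to": to, "amount": str(amount)}
    return handler({"session": sid}, form)


if __name__ == "__main__":
    sid = login("alice")
    print("vulnerable, cross-site:", cross_site_post(transfer_vulnerable, sid, "mallory", 100))
    print("protected,  cross-site:", cross_site_post(transfer_protected, sid, "mallory", 100))
    print("protected,  same-site: ", same_site_post(transfer_protected, sid, "bob", 10))
```

The vulnerable handler returns 200 for the cross-origin post and would move the money; the protected one returns 403 for it while still serving the legitimate form. Real frameworks add the token to every state-changing form for you, and a SameSite cookie attribute narrows the window further, but the core reason XSRF is a risk is exactly what the first handler shows: cookies prove who the browser is, not which page built the request.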
