Web Application Exploits and Defenses

Thread: Web Application Exploits and Defenses

  1. #1
    HYBR|D
    Guest

    Web Application Exploits and Defenses

    Greetings.

    I am very curious to know if any other members have seen http://google-gruyere.appspot.com/?

    Want to beat the hackers at their own game?


    • Learn how hackers find security vulnerabilities!
    • Learn how hackers exploit web applications!
    • Learn how to stop them!

    This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:

    • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
    • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

    To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).
    I have only just started reading the 1st page; I take it that it can be like a small "Hacker Challenge" type thing?

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    It's an attempt at a distributed "honey pot"... most users won't get it, imo.
    Every now and then, one of you won't annoy me.

  3. #3
    HYBR|D
    Guest
    Oh lord, this looks like fun.

    The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking.


    It also mentions that you get assigned your own id, within the sand-boxed environment. I'm starting to get curious to know if there are a few members who might want to make a mini team and have a play?

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    honeypot in a honeypot, use TOR while accessing?
    Every now and then, one of you won't annoy me.
