They released a “codelab” today on Web Application Exploits and Defenses. Fun stuff, and if you’ve been looking for a good primer, it looks like a good hands-on way to learn.
We’re releasing this codelab, entitled “Web Application Exploits and Defenses,” today in coordination with Google Code University and Google Labs to help software developers better recognize, fix, and avoid similar flaws in their own applications. The codelab is built around Jarlsberg, a small yet full-featured microblogging application designed to contain lots of security bugs.
I’ve been through just the first few pages of the lab and like how it is laid out. Glancing at the outline shows that it covers a lot of territory: XSS, privilege escalation, cookie manipulation, XSRF, XSSI, DoS, path traversal, code execution and much more.