Webmaster Central Blog
Official news on crawling and indexing sites for the Google index
Do know evil
Tuesday, May 04, 2010
(Cross-posted on the
Google Online Security Blog
)
UPDATE July 13: We have changed the name of the codelab application to Gruyere. The codelab is now located at
http://google-gruyere.appspot.com
.
We want Googlers to have a firm understanding of the threats our services face, as well as how to help protect against those threats. We work toward these goals in a variety of ways, including security training for new engineers, technical presentations about security, and other types of documentation. We also use codelabs — interactive programming tutorials that walk participants through specific programming tasks.
One codelab in particular teaches developers about common types of web application vulnerabilities. In the spirit of the thinking that "it takes a hacker to catch a hacker," the codelab also demonstrates how an attacker could exploit such vulnerabilities.
We're releasing this codelab, entitled "Web Application Exploits and Defenses," today in coordination with
Google Code University
and
Google Labs
to help software developers better recognize, fix, and avoid similar flaws in their own applications. The codelab is built around Gruyere, a small yet full-featured microblogging application designed to contain lots of security bugs. The vulnerabilities covered by the lab include cross-site scripting (XSS), cross-site request forgery (XSRF) and cross-site script inclusion (XSSI), as well as client-state manipulation, path traversal and AJAX and configuration vulnerabilities. It also shows how simple bugs can lead to information disclosure, denial-of-service and remote code execution.
The maxim, "given enough eyeballs, all bugs are shallow" is only true if the eyeballs know what to look for. To that end, the security bugs in Gruyere are real bugs — just like those in many other applications. The Gruyere source code is published under a Creative Commons license and is available for use in whitebox hacking exercises or in computer science classes covering security, software engineering or general software development.
To get started, visit
http://google-gruyere.appspot.com/
. An instructor's guide for using the codelab is now available on
Google Code University
.
Posted by Bruce Leban, Software Engineer
Hey! Rankings in mobile search results changed
April 21st, 2015
.
Check here if your site is mobile-friendly.
Labels
accessibility
10
advanced
193
AMP
2
API
2
apps
6
autocomplete
2
beginner
171
crawling and indexing
141
encryption
1
events
44
feedback and communication
74
general tips
81
geotargeting
1
Google+
1
hacked sites
8
hreflang
3
https
2
images
6
intermediate
204
interstitials
1
localization
21
malware
3
mobile
41
mobile-friendly
5
performance
11
products and services
57
search console
9
search queries
4
search results
105
security
5
sitemaps
43
structured data
11
TLDs
1
url removals
1
UX
1
verification
7
video
1
webmaster community
5
webmaster guidelines
44
webmaster tools
159
Archive
2016
Aug
Jun
May
Apr
Mar
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2007
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2006
Dec
Nov
Oct
Sep
Aug
Feed
Google
on
Follow @googlewmc
Give us feedback in our
Product Forums
.
Subscribe via email
Enter your email address:
Delivered by
FeedBurner
Hey! Rankings in mobile search results changed April 21st, 2015.
