No announcement yet.

Web Application Exploits and Defenses

This is a sticky topic.
  • Filter
  • Time
  • Show
Clear All
new posts

  • Web Application Exploits and Defenses

    Google made a very nice tutorial on website exploits and how to protect against them.

    You get your own copy of a buggy website, and follow the instructions to exploit and fix this website.
    Covers xss, csrf, and much more!

    The website is written in python so if you use php you may not understand the code, but the underlying principles are the same and these attacks can still be applied to your website!
    [font='Verdana, Helvetica, sans-serif'][/font]

  • #2
    I like these types of challenges, but they are intended for different audiences.
    I would think Python is not the most used language on the web, neither is it designed to be so.
    It's designed to make life easier for programmers who wants to run and test their programs cross-platform.

    Anyway, good post. It will help most people here understand more about security.
    I would rather suggest HackQuest, it covers allot more than just the website part of an system.


    • #3
      I don't know if maybe you misread the description, but this isn't similar to hackquest and other challenge sites. This is mainly a tutorial with some hands-on sections to try stuff out. But it can be treated as an article too. I think the target audience for this site is perfect for the web developers on this forum who want to learn more about web security.

      Sure, python's not the most popular web dev language but it is just as appropriate for web dev as ruby is. Personally I use python for my own web development and I find it much nicer than using PHP.
      [font='Verdana, Helvetica, sans-serif'][/font]