If you’re a web developer, you need a firm understanding of security vulnerabilities to write secure applications. Google have released a codelab entitled “Web Application Exploits and Defenses” that teaches developers about common types of web application vulnerabilities.
The vulnerabilities covered by the lab include XSS (cross-site scripting), XSRF (cross-site request forgery), XSSI (cross-site script inclusion), client-state manipulation, path traversal, and AJAX and configuration vulnerabilities. The codelab demonstrates how relatively simple bugs can lead to information disclosure, denial of service and remote code execution.
Learn what hackers use to attack web applications, and you’ll know how to secure your own.
To get started, visit http://jarlsberg.appspot.com.
For more information, see http://googleonlinesecurity.blogspot.com/2010/05/do-know-evil-web-application.html


