Do Know Evil: Web Application Vulnerabilities

If you’re a web developer, you need to have a firm understanding of security, in particular, web application vulnerabilities –  to know how to write secure applications. Google have released a codelab entitled “Web Application Exploits and Defenses,” that teaches developers about common types of web application vulnerabilities.

The vulnerabilities covered by the lab include XSS (cross-site scripting), XSRF (cross-site request forgery), XSSI (cross-site script inclusion), client-state manipulation, path traversal and AJAX and configuration vulnerabilities. The codelab demonstrates how relatively simple bugs can lead to information disclosure, denial of service and remote code execution.

Learn what hackers use to hack web applications and that way you’ll know how to secure your own applications.

To get started, visit

For more information, see

UPDATE July 13 2010: Google have changed the name of the codelab application to Gruyere and it is now located at

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.