Google has a free lab where they teach web app exploitation and the defense against it. Their latest development is a web app called Jarlsberg. If you don't know, that's also the name of a cheese with a lot of holes. Just like the cheese, this sample application is full of web security holes due to bugs.
Jarlsberg is meant to be studied as an example of a poorly designed application. It is seriously vulnerable to attacks like cross-site scripting. You will learn about security as you go through the steps to see how you can hack the app. The app and code are being licensed for free under the Creative Commons license.
Some people are a little suspicious that Google is essentially teaching people how to be hackers. However, you have to learn to hack before you can defend against it. Good job, Google. It is funny that when I Google for Jarlsberg, I only get the real cheese. Maybe it is too early for this security app to be in the search engine results.