Google has a free lab where they teach web app exploitation and the defense against it. Their latest development is a web app called Jarlsberg. If you don't know, that's also the name of a cheese with a lot of holes. Just like the cheese, this sample application is full of web security holes due to bugs.
Jarlsberg is meant to be used as a poorly designed application to study. It is seriously vulnerable to attacks like cross-site scripting. You will learn about security as you go through the steps to see how you can hack the app. The app and code are being licensed for free under the Creative Commons license.
Some people are a little suspicious that Google is essentially teaching people how to be hackers. However, you have to learn to hack before you can defend against it. Good job, Google. It is funny that when I Google for Jarlsberg, I only get the real cheese. Maybe it is too early for this security app to be in the search engine results.