The folks at Google have released some web app training, along with a vulnerable web app sandbox to play in. The tool is called Jarlsberg. Anyone here take a look at it yet, and have an opinion about it?
The description (see below) sounds kinda sorta like OWASP's WebGoat, except that the vulnerable app itself is written in Python. Oh, and the app is available on the web, as well as in source code (under Creative Commons).

http://jarlsberg.appspot.com/

There's also an instructor's guide available at:

http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

Follow us on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________