Recently I’ve started working on CoreCodex again; I had to stop at the end of last semester because of my school workload. Now that I’m reviewing what I previously wrote, I’ve started to realize I had some smaller security issues, but knew there must be more. No one writes code perfectly without peer review or at least a good self-review.
Google Gruyere is a powerful little Google App that serves as a web-security lab, taught through the Google Code University. It is similar to the wargames found on several websites that teach programmers (in this case, web programmers) how to find, break, and fix common security bugs in software. What I find brilliant about this online course is that it is a true “lab”: you can create instances of the target website, attempt your own attacks, review the code, and implement your own bug fixes.
I know that at my university we do not explicitly teach, nor even offer, a course on web security outside of simple IT / Unix concepts (e.g. user and file permissions with chmod). I found Google’s Gruyere lab powerful and educational, and best of all, it helped me find several vulnerabilities in CoreCodex and fix them! Check it out, and see whether you can find all the vulnerabilities: