Jarlsberg – A web app testing lab from Google

Thank you Google! A new and very effective way to learn web application security from the developer's point of view has been announced: Jarlsberg.

The application is a vulnerable web application written in Python that pentesters or web developers can try to hack from different perspectives: black-box testing, or white-box testing through code inspection (aimed at Python coders).

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

The prerequisite is a basic understanding of each technique, since the lab does not explain them the way a training course would. However, if you are familiar with the process of finding and exploiting web application vulnerabilities, this will be a nice playground.

The initiative seems well done, as it covers a good range of techniques, from the various types of XSS to XSRF and path traversal. The process begins with requesting a (free) account, which results in the creation of a new sandboxed Jarlsberg instance for you to hack.
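Since the lab is meant to be studied from the code-inspection side as well, the following added example (not Jarlsberg's own code, and not from Google) shows, in Python, the defensive counterpart of the three vulnerability classes named above: output encoding against XSS, a synchronizer token check against XSRF, and confining file access to a root directory against path traversal. The function names, the `UPLOAD_ROOT` path and the sample input are hypothetical and constructed for this illustration.

```python
import hmac
import html
import os
import secrets
from typing import Optional

# Constructed sample values for the illustration; not data from Jarlsberg.
SAMPLE_NAME = '<script>alert(1)</script>'
UPLOAD_ROOT = '/srv/uploads'  # hypothetical directory that serves user files


# --- XSS: encode untrusted text before it reaches markup -------------------
def render_greeting_unsafe(name: str) -> str:
    """Vulnerable pattern: user input is concatenated into HTML verbatim."""
    return f'<p>Hello, {name}!</p>'


def render_greeting_safe(name: str) -> str:
    """Hardened pattern: HTML-escape the value so it renders as text only."""
    return f'<p>Hello, {html.escape(name, quote=True)}!</p>'


# --- XSRF: synchronizer token tied to the server-side session ---------------
def issue_csrf_token(session: dict) -> str:
    """Create a fresh random token, store it in the session, and return it so
    the form template can embed it in a hidden field."""
    token = secrets.token_urlsafe(32)
    session['csrf_token'] = token
    return token


def csrf_token_is_valid(session: dict, submitted: Optional[str]) -> bool:
    """Accept a state-changing request only if the submitted token matches the
    one stored in the session; compare in constant time."""
    expected = session.get('csrf_token')
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


# --- Path traversal: resolve the path, then check it stays under the root ---
def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Return the absolute path for a user-supplied relative path, or None if
    the resolved path escapes the root (via '..', an absolute path, etc.)."""
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, user_path))
    if candidate == root_abs or candidate.startswith(root_abs + os.sep):
        return candidate
    return None


if __name__ == '__main__':
    print(render_greeting_unsafe(SAMPLE_NAME))
    print(render_greeting_safe(SAMPLE_NAME))
    session = {}
    token = issue_csrf_token(session)
    print('valid token accepted:', csrf_token_is_valid(session, token))
    print('missing token accepted:', csrf_token_is_valid(session, None))
    print(resolve_under_root(UPLOAD_ROOT, 'reports/q1.txt'))
    print(resolve_under_root(UPLOAD_ROOT, '../../etc/passwd'))
```

The traversal check normalises first and compares afterwards; rejecting `..` substrings alone is weaker because an absolute user path or a symlink inside the root can still leave it, which is why `os.path.realpath` is applied to both sides before the prefix comparison.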

Google has done a good job of spreading awareness in the best possible way: by getting end users' hands dirty.
