Difference between revisions of "Google Gruyere"
Jump to navigation
Jump to search
LHaidinger (talk | contribs) (Created page with "== Summary == Google Gruyere is an educational codelab developed by Bruce Leban, Mugdha Bendre, and Parisa Tabriz to demonstrate common security vulnerabilities in web applications and provide solutions to these problems. It serves as a practical platform for learning how to identify and avoid security risks. == Requirements == * Operating system: Not specific, as it is web-based * Additional software: An up-to-date web browser == Description == === Step 1 === Vis...") |
LHaidinger (talk | contribs) |
||
Line 1: | Line 1: | ||
== Summary == | == Summary == | ||
[[File:Gruyere 1.png|400px|thumb|Google Gruyere; source: https://googlegruyere.appspot.com/static/gruyere.png]] | |||
Google Gruyere is an educational codelab developed by Bruce Leban, Mugdha Bendre, and Parisa Tabriz to demonstrate common security vulnerabilities in web applications and provide solutions to these problems. It serves as a practical platform for learning how to identify and avoid security risks. | Google Gruyere is an educational codelab developed by Bruce Leban, Mugdha Bendre, and Parisa Tabriz to demonstrate common security vulnerabilities in web applications and provide solutions to these problems. It serves as a practical platform for learning how to identify and avoid security risks. |
Revision as of 08:52, 15 December 2023
Summary
Google Gruyere is an educational codelab developed by Bruce Leban, Mugdha Bendre, and Parisa Tabriz to demonstrate common security vulnerabilities in web applications and provide solutions to these problems. It serves as a practical platform for learning how to identify and avoid security risks.
Requirements
- Operating system: Not specific, as it is web-based
- Additional software: An up-to-date web browser
Description
Step 1
Visit the website [1] and follow the instructions to start the exercises.
Step 2
Make sure to read
- War and Peace
- Lord of the Rings
- The Baroque Cycle
Concepts used
- Cross-Site Scripting (XSS)
- Client-State Manipulation
- Cross-Site Request Forgery (XSRF)
- Cross Site Script Inclusion (XSSI)
- Path Traversal
- Denial of Service (DoS)
- Code Execution
- Configuration Vulnerabilities
- AJAX Vulnerabilities