Want To Beat Hackers At Their Own Game?

September 24, 2011 in Technology, Web design/development with 0 Comments

gruyere

Don’t ever assume that you are safe from hacker attacks. Even some of the biggest companies and agencies out there like Sony or even the CIA have been vulnerable to hacker attacks. The best course of action is to make sure your own site is not left open to attacks. To exploit further vulnerabilities, you will also need to learn how to find and fix other bugs that may have a significant impact to your site like denial-of-service, information disclosure, or remote code execution.

What can you do? Well first, you need to understand how Web security exploits work and guard against them. There is a codelab application called Gruyere that allows you to beat hackers at their own game. In other words, you can find your site’s vulnerabilities before they can. The site explains that you will need to have some familiarity with HTML, templates, cookies, etc., to get the most out of the lab. The aim of the lab is to help you discover the bugs and learn ways to fix them.  You will also learn more about how an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).

It is crucial to remember that hacking (attacking a computer without authorization)in any instance is illegal. You will be granted authorization to attack Gruyere only as directed but you should not use it to attack other applications.

Setup:

To access Gruyere, go to http://google-gruyere.appspot.com/start. AppEngine will start a new instance of Gruyere for you, assign it a unique id and redirect you to http://google-gruyere.appspot.com/123/ (where 123 is your unique id). Each instance of Gruyere is “sandboxed” from the other instances so your instance won’t be affected by anyone else using Gruyere. You’ll need to use your unique id instead of 123 in all the examples. If you want to share your instance of Gruyere with someone else (e.g., to show them a successful attack), just share the full URL with them including your unique id.

The Gruyere source code is available online so that you can use it for white-box hacking. You can browse the source code at http://google-gruyere.appspot.com/code/ or download all the files from http://google-gruyere.appspot.com/gruyere-code.zip. If want to debug it or actually try fixing the bugs, you can download it and run it locally. You do not need to run Gruyere locally in order to do the lab.

 

-Written by Sharren

Share on FacebookShare on Twitter
Pin it on PinterestShare on LinkedInShare on TumblrSubmit to StumbleUponhttp://blog.nugenerationwebdesign.com/wp-content/uploads/2011/09/11-300x246.jpgDigg ThisShare via email

Related posts:

  1. Mozilla Firefox Add-ons That Protect Your Privacy

About Sharren: Sharren is a passionate blogger, IT Professional, and the Founder of It's a NuGeneration. She is also a graduate of .NET Development with a passion for the Arts, Entertainment, and Life & Culture.

All Posts by  |  Twitter  |  Facebook  |  Share By Email

Switch to our mobile site

Disclaimer