

Google: Web Application Exploits and Defenses - emilepetrone
http://google-gruyere.appspot.com/

======
roadnottaken
This is very interesting. I'm a little conflicted about whether the benefit of
distributing this info outweighs the risks of teaching anyone how to hack a
website. There are certainly LOTS of vulnerable websites still out there...

~~~
patio11
The bad guys already know this stuff, or are capable of searching teh G00gelz
for l33t hackorz skriptz which will automate e.g. trying SQL injections or
pulling cookies out of your wifi. The good guys, on the other hand, need all
the help they can get (including, for example, being reminded that one can
easily pull cookies out of your wifi).

In a related vein, there is WebGoat, a Java application which is designed to
be compromised.

~~~
tptacek
I'm not a fan of WebGoat. If you're seriously going to spend some time beating
up an application to learn appsec --- and I highly recommend you do --- drop
me an email and I'll give you a better target.

