Google Gruyere's "Web Application Exploits and Defenses" is a highly-regarded, hands-on training tool designed to teach security vulnerabilities through a "cheesy" intentionally insecure microblogging application. It effectively combines black-box and white-box methods to teach critical flaws like XSS and CSRF, though some users find the reliance on Python 2.7 to be an outdated hurdle for local setup. For more details, visit Google Gruyere . Web Application Exploits and Defenses
Pedagogical design and learning goals
After all, the best defense is a well-trained offense. gruyere learn web application exploits defenses top
Based on the lessons learned from exploiting Gruyere, here are the you must bake into every web application. Google Gruyere's "Web Application Exploits and Defenses" is