Tuesday, May 4, 2010

Web Application Exploits and Defenses

The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Jarlsberg. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking.

In black-box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view HTTP headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests.

In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Jarlsberg as if it's open source: you can read through the source code to try to find bugs. Jarlsberg is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance of Jarlsberg to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack.

Security researchers use both hacking techniques, often in combination, in real life.

An excellent resource for learning about coding defensively. Nice work Google :)

Posted via web from johnweldon4 - posterous

Sunday, May 2, 2010

Mind Your Body: Going Through the Motions | Psychology Today

Athletes have long used mental imagery to complement physical practice, and research indicates that going through the motions only in your head can enhance performance just as well as—and sometimes better than—actually working up a sweat.

In one study at Texas A&M, medical students learning venipuncture received 30 minutes of guided physical practice followed by either 30 more minutes of practice, 30 minutes of guided mental imagery, or no more training. When tested, the first two groups performed better than the third, and just as well as each other. The same effect was seen in students learning to suture.

I wonder how this translates to programming? I mean, it's all mental already right? The physical acts of reading the screen, and typing words don't really contribute to the process much... it's just I/O :)

Of course there would probably be benefits in learning how to hold more information in your mind at once...


Saturday, May 1, 2010

Does 'Freedom' ipso facto mean less government?

Interesting argument; counter-arguments after the link...


If freedom involves having a decent set of alternatives available to us, then government action can enhance our freedom even if it involves restraints on conduct that would not otherwise violate anyone’s rights. Consider traffic laws. Those of us who drive are constantly subjected to government dictates telling us what we can and cannot do. We can only drive on one side of the street. We have to stop at red lights and stop signs even when no one else is around. If freedom means only that government should not tell us what to do, then the traffic laws are a massive intrusion on our liberty.

I suspect that most people don’t see things that way, though. They probably agree with Elizabeth Anderson, from whom I have taken this example:

To be sure, in a state of gridlock, one has the formal freedom to choose any movement in one's opportunity set -- which amounts to being able to rock forward and back a couple of inches from bumper to bumper, getting nowhere. Some freedom!

Normally, the point of driving is to get somewhere. The traffic laws enable us to get where we are going much more quickly and safely than we would if each of us had to decide for him- or herself which side of the street to drive on. The traffic laws do not tell us where to go. They leave the choice of destination, and for that matter the decision whether to drive at all, entirely up to us. They simply tell us which side of the road to drive on, that we should stop at various points, and so forth. By taking away our freedom to drive on the left, or to blast through busy intersections, they grant us much more freedom in the form of a greatly enhanced ability to get wherever we want to go quickly and safely.

Anyone who thinks that the traffic laws enhance our freedom should acknowledge that in some cases, including this one, government action can enhance our freedom, even if that action takes the form of restrictions on what we can and cannot do. An enormous number of questions about which (other) forms of government action might enhance our freedom would remain to be answered, but the fact that some government policy involves either a more active government or new restrictions on our action would not, by itself, imply that it diminishes our freedom.
