Google Spearheads Course in Hacking

Dennis Faas's picture

Google has designed a new course that teaches students how to hack. Those students of Google's "Web Application Exploits and Defenses codelab" will learn how hackers uncover security vulnerabilities and exploit web applications.

Jarlsberg Application: The 'Sitting Duck'

The entire codelab uses a program called Jarlsberg as the perfect example of a "sitting duck" target. Similarly named as the kind of cheese filled with holes, Jarlsberg is a small, yet full-featured microblogging application with plenty of security holes to boot.

While the Jarlsberg application allows users to publish text and store files, it continues to be pestered with viruses such as denial of service (DoS) attacks. Among the other known vulnerabilities in the application is information disclosure and remote code execution. (Source:

Obviously, Google is not attempting to turn a new generation of end-users into hacking specialists. The company hopes to show how hackers operate, with a focus on helping developers protect applications.

Black Hat, White Hat Methods

To do this, students will perpetuate two different kinds of hacking techniques: using what is commonly referred to as black hat and white hat  hacking. While the names might sound primitive, they can be very effective methods for online deviants.

Black hat hacking is a manner in which people attempt to locate security bugs by experimenting with Jarlsberg, manipulating input fields and URL parameters. Students will also be asked to 'wreak havoc' on the system, causing application errors and monitoring HTTP requests and responses to estimate the behavior of the server. (Source:

On the other hand, there is the white hat hacking method. This style of hackery requires users to peruse Jarlsberg source code in an attempt to locate bugs. These bugs may also be located using automated or manual analysis.

Naturally, Google is shouldering a great deal of ethical responsibility in equipping students with this kind of information. The company is urging all parties involved in the Jarlsberg experiment to use their experiences to make their own applications more secure and to never use their knowledge of hacking practices to attack of any other application.

Rate this article: 
No votes yet