Google just announced the release of Jarlsberg, a microblogging app specifically designed to be full of bugs and security flaws.The app is being released through Google Labs and Google Code University as a security tutorial for coders. Google is encouraging programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code.
In the wake of all the bad press associated with Chinese hackers successfully gaining access to private Google data, it makes sense for the search giant to show it takes security seriously.
The code comes with a strongly-worded disclaimer:
WARNING: Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While doing this codelab, you are specifically granted authorization to attack the Jarlsberg application as directed. You may not attack Jarlsberg in ways other than described in this codelab, nor may you attack App Engine directly or any other Google service. You should use what you learn from the codelab to make your own applications more secure. You should not use it to attack any applications other than your own, and only do that with permission from the appropriate authorities (e.g., your company’s security team).
That’s all well and good, but if someone with more malice than knowhow were looking for instruction, this might be a good place to start.
Business Insider Emails & Alerts
Site highlights each day to your inbox.