At Google, we know very well how important these bugs are. In fact, Google is so serious about finding and fixing XSS issues that we are paying mercenaries up to $7,500 for dangerous XSS bugs discovered in our most sensitive products.
In this training program, you will learn to find and exploit XSS bugs. You'll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.
There will be cake at the end of the test.
What's this all about?
This security game consists of several levels resembling real-world applications which are vulnerable to XSS - your task will be to find the problem and attack the apps, similar to what an evil hacker might do. XSS bugs are common because they have a nasty habit of popping up wherever a webapp deals with untrusted input. Our motivation is to highlight common coding patterns which lead to XSS to help you spot them in your code.
Who can play?
The game is designed primarily for developers working on Web applications who do not specialize in security. If you're a connoisseur of online hacking challenges you'll find the first few levels quite easy, but you just might learn something useful along the way. You'll need a modern browser which supports JavaScript and cookies.
Is it possible to cheat at this game?
Yes, since this is a browser-based game, you will be able to cheat by messing with the page internals in developer tools or editing HTTP traffic. However, we're sure that you won't have to resort to that -- there are hints and source to guide you. And as your teacher once told you: you would only be cheating yourself ;-)