Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Helping Developers Understand Security - Spot the Vuln - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Helping Developers Understand Security - Spot the Vuln

If you follow SANS Application Security blog (aka as the SANS Application Security Street Fighter blog) you know about an initiative focused on helping developers to understand security while having fun. Security challenges are a very didactic tool for this specific purpose.

The Spot the Vuln blog (by Brett Harding & Billy Rios)  "...uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning (8:00am PST) a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday (8:00am PST), a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications."

What about including these weekly challenges in your software security program, so that developers, development managers, and QA staff can test their source code analysis skills and enjoy security by solving them? This week challenge is about... Imagination.

Most challenges up to now have covered different programming languages (PHP, Java, JavaScript, ActionScript) and multiple security vulnerabilities (XSS, SQLi, LDAPi, RFI/LFI, CRLFi, redirections...).

Raul Siles
Founder and Senior Security Analyst with Taddong

Raul Siles

152 Posts
Jul 5th 2011

Sign Up for Free or Log In to start participating in the conversation!