Google teaches developers how to hack web applications for free

Developers now have an opportunity to put themselves in a hacker's place with a new tutorial launched by Google. The company has released a free online tool that allows developers to exploit real security bugs in a mock web application.

Google's "Web Application Exploits and Defenses" codelab is based on Jarlsberg, the "small, cheesy web application," which is replete with flaws and bugs that could be exploited to take down web servers, perform remote code-execution attacks, and spring information-disclosure leaks. The application can be downloaded and run on a local machine to teach developers firsthand the perils of insecure coding. Jarlsberg is written in Python, but that is not critical, as there is no need for hackers to be too good at programming languages.

Using the tutorial, developers or anyone else who is interested can get practical experience in finding and fixing security bugs in a typical web application. The vulnerabilities featured in the application are grouped into classes: XSS, or cross-site scripting; CSRF, or cross-site request forgery; and path traversal.