Testing Blog
GTAC: Call for Attendance & Proposals
Sunday, May 16, 2010
Google Test Automation Conference (GTAC) 2010
Call for Attendance & Proposals
We are happy to announce that the application process is now open for Attendance and Proposals for the Fifth Google Test Automation Conference (GTAC), to be held in Hyderabad, India on October 28 - 29th.

As in previous years, GTAC is an invitation only conference where we enable sharing of great ideas and active participation to challenge and refine our thoughts and experiences. As such, the application process expects you to share the ideas and insights you would bring to the conference and how these would further the discussion about this year's theme of Test to Testability. This information will help the committee select a balanced audience of seasoned practitioners, students and academics.

Also this year, we are introducing a participant-driven format that gives attendees the power to select and voice their opinion on the speakers and the content! To make these changes, we are opening up proposals and attendance applications simultaneously. Once the initial set of participants is finalized, we will conduct online viewing and voting by the participants for presentations.
How to apply
For Attendance: Please visit http://www.gtac.biz/call-for-attendance
For Proposals (to present): Please visit http://www.gtac.biz/call-for-proposals
Deadline
The due date for both categories of applications is July 9th, 2010.
Registration Fees
There are no registration fees. Please check the FAQ page for more information.
Further information
General website: http://www.gtac.biz/
Call for proposals: http://www.gtac.biz/call-for-proposals
Call for attendance: http://www.gtac.biz/call-for-attendance
FAQ: http://www.gtac.biz/faq
Questions: Email us at gtac-2010@google.com
We look forward to your applications and a great GTAC!
Finally, we would appreciate your help in spreading the word about this event.

Regards,
Sujay Sahni, on behalf of the GTAC 2010 Committee
Do Know Evil
Thursday, May 6, 2010
Web Application Exploits and Defenses
by Bruce Leban in Google Kirkland
http://google-gruyere.appspot.com/
If you want your application to be as secure as possible, you need to learn how Evil People think. And you'll want to use that knowledge to do penetration testing: attacking your own application to try to find bugs. To help you understand how applications can be attacked and how to protect them from attack, we've created the "Web Application Exploits and Defenses" codelab. The codelab uses Gruyere, a small, cheesy web application that is full of real world bugs.

In the codelab, you'll learn how to:
- Attack a web application to find and exploit common web security vulnerabilities.
- Avoid and fix these common bugs.

Gruyere is chock full of cool features, and the more features an application has, the larger the attack surface. Your application probably has features just like these. Can you match each feature to the vulnerability that it exposes and the exploit it enables?
Feature:
- New template language
- HTML allowed in snippets
- File upload capability
- AJAX
- Web-based admin console

Vulnerability:
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (XSRF)
- Cross Site Script Inclusion (XSSI)
- Path traversal
- Client-state manipulation

Exploit:
- Information disclosure
- Elevation of privilege
- Denial of Service (DoS)
- Spoofing
- Code execution
Ha! Tricked you! Each of these features introduces multiple vulnerabilities. And each vulnerability can be exploited in multiple ways.
The codelab walks you step by step through each vulnerability, with progressive hints guiding you on how to find them, how to exploit them and how to avoid them.

Here are some examples of fictitious attacks against Google applications. Do you recognize them? (answers below)
http://www.gmail.com/?search=in:spam+%3Cscript%3EmoveToInbox(selectAll())%3C/script%3E
http://www.blogger.com/delete-blog.g
http://www.picasa.com/../../../../../../../etc/passwd
http://www.youtube.com/admin?v=Vr0oK3gMzK&action=rickroll
http://checkout.google.com/buy?order=4815162342&total=0.01
Are you sure that your application isn't vulnerable to similar attacks!?
Check out the Toilet-Friendly Version for the answers.
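For the defender's side of three of the fictitious attacks listed above (the path traversal in the file-upload URL, the tampered checkout total, and script injected into a user-visible snippet), here is an added Python example. It is not code from Gruyere or the codelab; BASE_DIR, CATALOG and the function names are assumptions made for this illustration, and the sample inputs are constructed.

```python
"""Server-side checks matching three of the fictitious attacks above.

Added illustration only; not code from Gruyere or the codelab. The
directory, catalogue and function names are assumptions for this example.
"""
import html
import os
from decimal import Decimal, InvalidOperation

# Constructed sample: the only directory uploaded files may be read from.
BASE_DIR = "/srv/app/uploads"

# Constructed sample catalogue: authoritative prices live on the server,
# keyed by item id, never in the request.
CATALOG = {
    "4815162342": Decimal("199.00"),
    "1234": Decimal("12.50"),
}


def resolve_upload_path(requested, base_dir=BASE_DIR):
    """Confine a client-supplied file name to base_dir (path traversal).

    '..' and '.' components are normalised away first, and the result
    must still have base_dir as its common prefix. A request such as
    '../../../../etc/passwd' therefore raises instead of being served.
    """
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base, requested.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes upload directory: %r" % requested)
    return candidate


def verify_order_total(items, client_total, catalog=CATALOG):
    """Recompute an order total on the server (client-state manipulation).

    'items' maps item id to quantity; 'client_total' is the string the
    client sent (for example a 'total' query parameter). The trusted total
    is recalculated from the catalogue; a mismatch is treated as tampering
    rather than silently accepted.
    """
    total = Decimal("0")
    for item_id, quantity in items.items():
        if item_id not in catalog or quantity <= 0:
            raise ValueError("unknown item or bad quantity: %r" % item_id)
        total += catalog[item_id] * quantity
    try:
        claimed = Decimal(client_total)
    except InvalidOperation:
        raise ValueError("client total is not a number: %r" % client_total)
    if claimed != total:
        raise ValueError(
            "client total %s does not match server total %s" % (claimed, total)
        )
    return total


def render_snippet(user_text):
    """Escape user text before embedding it in HTML (cross-site scripting).

    Characters with meaning in HTML (&, <, >, quotes) become entities, so a
    snippet containing a <script> tag is displayed literally, not run.
    """
    return '<div class="snippet">%s</div>' % html.escape(user_text, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs, mirroring the shapes in the post.
    print(resolve_upload_path("photos/cat.jpg"))
    print(render_snippet("<script>alert('x')</script>"))
    print(verify_order_total({"4815162342": 1}, "199.00"))
    for bad_path in ("../../../../../../../etc/passwd",):
        try:
            resolve_upload_path(bad_path)
        except ValueError as err:
            print("rejected:", err)
    try:
        verify_order_total({"4815162342": 1}, "0.01")
    except ValueError as err:
        print("rejected:", err)
```

The common thread is that every value the client controls (a file name, a price, a snippet) is either recomputed from server-side state or rewritten into a form that cannot change its meaning, rather than being checked against a blacklist of known-bad strings.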