Don't Copy This Code

Tuesday, May 4, 2010

UPDATE July 13: We have changed the name of the codelab application to Gruyere. The codelab is now located at

Normally, when we release source code we're hoping that other people will build on it and improve it. Today's release of Gruyere, a small yet full-featured microblogging application, is a code release of a different sort entirely.

Gruyere has one feature that most applications usually do their best to avoid: lots of security bugs.

In fact, Gruyere was written specifically to teach about security. More specifically, it is a tool to show how to exploit web applications and, in turn, protect against those exploits when developing software. Gruyere is the software component of the "Web Application Exploits and Defenses" codelab being released today on Google Labs in cooperation with Google Code University. The codelab walks participants through a number of common web application vulnerability types and demonstrates how an attacker could exploit such vulnerabilities.

So while we don't want you to copy the code in Gruyere, we do hope you'll check it out and learn from it.