Skip to main content

Google’s XSS game tests your web security IQ (update)


Google has openly stated that it takes web security very seriously, but the company might be playing around a bit by releasing a browser-based challenge created to test developers’ understanding of XSS. Allegedly made by Google’s security team, the game features six levels that resemble real world applications vulnerable to XSS. Players are tasked with finding a level’s problem and exploiting its weakness.

The game is designed for developers who aren’t too proficient in security, so most experts will likely breeze through the first few levels, but still may learn a thing or two along the way. Playable from just about any modern browser, we’ve successfully tried the game in Firefox, Safari and of course Chrome.

After conquering all six levels of the game, players are able to leave feedback about their experience and as a reward for your success, you’ll receive an ASCII art cake. We’ve reached out to Google to verify if the game actually came from Mountain View and we’ll update this news article once we receive confirmation.

In the meantime, if you’re up to the challenge, head on over to the game area to test your skills. Remember, you’re not only fighting for security, you’re fighting for cake!

Update: A Google rep confirmed with us that the game was made by the company’s security team.


(Thanks Florian!)

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel