git-svn-id: http://webgoat.googlecode.com/svn/trunk@14 4033779f-a91e-0410-96ef-6bf7bf53c507

2006-09-30 13:40:10 +00:00
parent 703e96efa0
commit 0465a6d6aa
155 changed files with 4408 additions and 0 deletions
--- a/webgoat/main/project/JavaSource/WebContent/lesson_plans/WeakSessionID.html
+++ b/webgoat/main/project/JavaSource/WebContent/lesson_plans/WeakSessionID.html
@ -0,0 +1,9 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Hijack a Session</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+Application developers who develop their own session ID frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session id is not complex and random, then the application is highly susceptible to session-based brute force attacks.
+<p><b>General Goal(s):</b> </p>
+Try to access an authenticated session belonging to someone else.
+<!-- Stop Instructions -->