update documentation

Nanne Baars
2021-12-13 12:38:41 +01:00
committed by Nanne Baars
parent d41d21b2e6
commit 0658fcefcd
3 changed files with 11 additions and 11 deletions

@ -1,15 +1,15 @@
== Authentication Bypasses
Authentication Bypasses happen in many ways, but usually take advantage of some flaw in the configuration or logic. Tampering to achieve the right conditions.
Authentication Bypasses happen in many ways but usually take advantage of some flaw in the configuration or logic. Tampering to achieve the right conditions.
=== Hidden inputs
The simplest form is a reliance on a hidden input that is in the web page/DOM.
The simplest form is a reliance on a hidden input in the web page/DOM.
=== Removing Parameters
Sometimes, if an attacker doesn't know the correct value of a parameter, they may remove the parameter from the submission altogether to see what happens.
Sometimes, if an attacker doesn't know the correct value of a parameter, they may remove it from the submission altogether to see what happens.
=== Forced Browsing
If an area of a site is not protected properly by configuration, that area of the site may be accessed by guessing/brute-forcing.
If an area of a site is not appropriately protected by configuration, that area of the site may be accessed by guessing/brute-forcing.
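Review bot: the reworded opening paragraph under "Authentication Bypasses" still ends in the fragment "Tampering to achieve the right conditions.", which has no subject or verb and does not say who tampers with what. Since the line is being edited anyway, fold it into the preceding sentence, for example "... some flaw in the configuration or logic that an attacker tampers with to achieve the right conditions." In the "Forced Browsing" paragraph, the new wording keeps the repetition "an area of a site ... that area of the site"; "it may be accessed by guessing/brute-forcing" would read more cleanly and matches the pronoun fix made in "Removing Parameters".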