Added bug report

Added message for missing solutions
Minor edits to lesson plans

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@353 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64
2008-07-11 00:05:05 +00:00
parent 536d29e78a
commit 084c43381b
9 changed files with 61 additions and 19 deletions


@ -78,7 +78,20 @@ only discussed the whitebox approach. You have to add following lines to the Hos
</pre>
<p>In this case only localhost, ip1 and ip2 are permitted to connect.</p>
<h2>Users Configuration</h2>
<h2>WebGoat Default Users and Roles for Tomcat</h2>
<p>
WebGoat requires the following users and roles to be configured in order for the application to run.
<br/>
<pre>
&gt;role rolename="webgoat_basic"/&lt;
&gt;role rolename="webgoat_admin"/&lt;
&gt;role rolename="webgoat_user"/&lt;
&gt;user username="webgoat" password="webgoat" roles="webgoat_admin"/&lt;
&gt;user username="basic" password="basic" roles="webgoat_user,webgoat_basic"/&lt;
&gt;user username="guest" password="guest" roles="webgoat_user"/&lt;
</pre>
</p>
<h2>Adding Users</h2>
<p>
Usually using WebGoat you just use the user guest with the password guest.
But maybe in laboratory you have made a setup with one server and a lot of
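Review bot: the six lines inside the new <pre> block under "WebGoat Default Users and Roles for Tomcat" have their entities reversed: each starts with &gt; and ends with /&lt;, so the page renders >role rolename="webgoat_basic"/< instead of an XML element. Swap them to &lt;role ... /&gt;, as the existing "Adding Users" example does. The <pre> is also nested inside <p>, which is not valid HTML; close the paragraph before it. Because these defaults include an admin account whose password equals its username (webgoat/webgoat), a sentence pointing back to the host restriction described just above would help readers who run this on a shared lab server.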
@ -93,8 +106,8 @@ Adding a user is straight forward. You can use the guest entry as an example. Th
users should have the same role as the guest user. Add lines like this to the file:
</p>
<pre>
&lt;user name=&quot;user1&quot; password=&quot;password1&quot; roles=&quot;webgoat_user&quot;/&gt;
&lt;user name=&quot;user2&quot; password=&quot;password2&quot; roles=&quot;webgoat_user&quot;/&gt;
&lt;user name=&quot;student1&quot; password=&quot;password1&quot; roles=&quot;webgoat_user&quot;/&gt;
&lt;user name=&quot;student2&quot; password=&quot;password2&quot; roles=&quot;webgoat_user&quot;/&gt;
...
</pre>
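Review bot: the renamed student1/student2 entries still use name= while the default users block added earlier in this file uses username=; pick one attribute so that readers copying both snippets into the same file get consistent entries. The sample passwords password1 and password2 are likely to be copied verbatim onto the shared lab server this section describes, so consider wording that tells the reader to choose their own values.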


@ -2,12 +2,11 @@
<!-- Start Instructions -->
<h1>Useful Tools</h1>
<p>
Below is a list of tools we've found useful in solving the WebGoat lessons. You will need WebScarab
to solve most of the lessons. </p>
Below is a list of tools we've found useful in solving the WebGoat lessons. You will need WebScarab or Paros to solve most of the lessons. </p>
<h2>WebScarab:</h2>
<p>
Like WebGoat, WebScarab is a part of OWASP.
WebScarab is a framework for analyzing applications that
WebScarab is a proxy for analyzing applications that
communicate using the HTTP and HTTPS protocols. Because WebScarab
operates as an intercepting proxy, we can review and modify requests
and responses.<br><br>
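Review bot: the intro now says "You will need WebScarab or Paros", but in the visible lines only WebScarab gets its own section and Paros appears further down only as a link under Scanner; add a short Paros entry or point the reader to that link. In the WebScarab paragraph, "is a proxy for analyzing applications" followed by "operates as an intercepting proxy" now repeats the same point, so the second sentence could be trimmed.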
@ -22,7 +21,7 @@ Webpage:<a href="http://www.getfirebug.com" target="_blank">http://www.getfirebu
<br><br>
<h2>IEWatch:</h2>
<p>
IEWatch is a tool to analyse HTTP and HTML for users of the Internet Explorer.<br><br>
IEWatch is a tool to analyze HTTP and HTML for users of the Internet Explorer.<br><br>
<img src="/WebGoat/images/introduction/iewatch.jpg"><br><br>
Webpage:<a href="http://www.iewatch.com" target="_blank">http://www.iewatch.com</a>
</p>
@ -37,7 +36,7 @@ Webpage:<a href="http://www.wireshark.org" target="_blank">http://www.wireshark.
<h2>Scanner:</h2>
<p>
There exist a lot of vulnerability scanner for your own web applications. They can find XSS, Injection Flaws and other vulnerabilities. Here the links to two open source scanner. <br><br>
There are many vulnerability scanners for your own web applications. They can find XSS, Injection Flaws and other vulnerabilities. Below are links to two open source scanner. <br><br>
Nessus:<a href="http://www.nessus.org" target="_blank">http://www.nessus.org</a><br>
Paros:<a href="http://www.parosproxy.org" target="_blank">http://www.parosproxy.org</a><br>
</p>
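Review bot: the rewritten Scanner sentence still ends with "links to two open source scanner"; it should read "scanners" to match the "many vulnerability scanners" fix made earlier in the same line.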