diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc b/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc index 7a37818bf..dfb254dad 100644 --- a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc +++ b/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc @@ -2,4 +2,4 @@ You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, Neville Bartholomew. Or at least you should not have access to the CEO's information. For this assignment, -examine the contents of the page to see what extra information you can find. \ No newline at end of file +examine the page's contents to see what extra information you can find. diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc b/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc index 36615a13e..ed118faf9 100644 --- a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc +++ b/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc 
@@ -1,6 +1,6 @@ == Client side filtering -It is always a good practice to send to the client only information which they are supposed +It is always a good practice to send only information to the client they are supposed to have access to. In this lesson, too much information is being sent to the client, creating -a serious access control problem. For this exercise, your mission is exploit the extraneous information being returned -by the server to discover information to which you should not have access. \ No newline at end of file +a serious access control problem. For this exercise, your mission is to exploit the extraneous information returned +by the server to discover information to which you should not have access.
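Review bot: In the first changed sentence of ClientSideFiltering_plan.adoc, the new wording "send only information to the client they are supposed to have access to" separates "information" from its relative clause, so "they are supposed to have access to" reads as if it modifies "the client". This sentence states the lesson's access-control principle, so it should be unambiguous; suggest "send the client only the information they are supposed to have access to". The "is exploit" to "is to exploit" correction and the added end-of-file newline in the same hunk look fine.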