dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Introduced user registration

Browse Source 
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
This commit is contained in:
Nanne Baars
2017-02-25 12:15:07 +01:00
parent 9b86aaba05
commit 259fd19c1b
221 changed files with 1179 additions and 1083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content4.adoc Normal file
View File

@ -0,0 +1,17 @@
== Severity of SQL Injection
=== The severity of SQL Injection attacks is limited by
* Attackers skill and imagination
* Defense in depth countermeasures
** Input validation
** Least privilege
* Database technology
=== Not all databases support command chaining
* Microsoft Access
* MySQL Connector/J and C
* Oracle
=== Not all databases are equal (SQL Server)
* Command shell: `master.dbo.xp_cmdshell 'cmd.exe dir c:'`
* Reqistry commands: `xp_regread`, `xp_regdeletekey`, …