Updated stage descriptions to avoid duplication

git-svn-id: http://webgoat.googlecode.com/svn/trunk@159 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes 2007-07-11 12:51:53 +00:00
parent 2bda4a81f3
commit 402fe9d95c
3 changed files with 14 additions and 36 deletions


@ -155,42 +155,36 @@ public class CrossSiteScripting extends GoatHillsFinancial
String stage = getStage(s);
if (STAGE1.equals(stage))
{
instructions = getStage(s)
+ ": Execute a Stored Cross Site Scripting (XSS) attack.<br>"
instructions = "Execute a Stored Cross Site Scripting (XSS) attack.<br>"
+ "For this exercise, your mission is to cause the application to serve a script of your making "
+ " to some other user.";
}
else if (STAGE2.equals(stage))
{
instructions = getStage(s)
+ ": Block Stored XSS using Input Validation.<br>"
instructions = "Block Stored XSS using Input Validation.<br>"
+ "You will modify the application to perform input validation on the vulnerable input field "
+ "you just exploited.";
}
else if (STAGE3.equals(stage))
{
instructions = getStage(s)
+ ": Execute a previously Stored Cross Site Scripting (XSS) attack.<br>"
instructions = "Execute a previously Stored Cross Site Scripting (XSS) attack.<br>"
+ "The application is still vulnerable to scripts in the database. Trigger a pre-stored "
+ "script by logging in as employee 'David' and viewing Bruce's profile.";
}
else if (STAGE4.equals(stage))
{
instructions = getStage(s)
+ ": Block Stored XSS using Output Encoding.<br>"
instructions = "Block Stored XSS using Output Encoding.<br>"
+ "Encode data served from the database to the client so that any scripts are rendered harmless.";
}
else if (STAGE5.equals(stage))
{
instructions = getStage(s)
+ ": Execute a Reflected XSS attack.<br>"
instructions = "Execute a Reflected XSS attack.<br>"
+ "Your goal here is to craft a link containing a script which the application will "
+ "serve right back to any client that activates the link.";
}
else if (STAGE6.equals(stage))
{
instructions = getStage(s)
+ ": Block Reflected XSS using Input Validation.<br>"
instructions = "Block Reflected XSS using Input Validation.<br>"
+ "Use the input validation techniques learned ealier in this lesson to close the vulnerability "
+ "you just exploited.";
}
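Review bot: The rewritten stage 6 text still carries the typo `ealier` in `"Use the input validation techniques learned ealier in this lesson to close the vulnerability "`; since the line is already being touched, it should read `earlier`. The stage 1 text also joins `"... script of your making "` with `" to some other user."`, which yields a double space in the served HTML (collapsed by the browser, but misleading in source). The enclosing method begins before and continues after this hunk, so what `instructions` holds when `stage` matches none of the STAGE constants is not visible here.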


@ -140,35 +140,27 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
String stage = getStage(s);
if (STAGE1.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Breaking functional access control.<br>"
instructions = "Breaking functional access control.<br>"
+ "You should be able to login as a regular employee and delete another user's employee "
+ "profile, even though that is supposed to be an HR-only function.";
}
else if (STAGE2.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Implementing access control in the Business Layer<br>"
instructions = "Implementing access control in the Business Layer<br>"
+ "Access control has already been implemented in the Presentation Layer, but as we have just "
+ "seen, this is not enough. Implement access control in the Businesss Layer to verify "
+ "authorization to use the Delete function before actually executing it.";
}
else if (STAGE3.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Breaking data access control.<br>"
instructions = "Breaking data access control.<br>"
+ "Data Layer access control is being already done on the staff list, but it has not been "
+ "globally implemented. Take advantage of this to login as a regular employee and view the "
+ "CEO's employee profile.";
}
else if (STAGE4.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Implementing access control in the Data Layer.<br>"
instructions = "Implementing access control in the Data Layer.<br>"
+ "Implement Data Layer access control to prevent unauthorized (and potentially career threatening) "
+ "access to employee personal data.";
}
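Review bot: The stage 2 text introduces no new wording but preserves the typo `Businesss` in `"seen, this is not enough. Implement access control in the Businesss Layer to verify "`; correct it to `Business` while the block is being edited. The stage 3 text `"Data Layer access control is being already done on the staff list, ..."` reads more naturally as `"is already being done"`. The enclosing method starts before and ends after the hunk.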


@ -148,9 +148,7 @@ public class SQLInjection extends GoatHillsFinancial
String stage = getStage(s);
if (STAGE1.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Use String SQL Injection to bypass authentication. "
instructions = "Use String SQL Injection to bypass authentication. "
+ "The goal here is to login as the user "
+ PRIZE_EMPLOYEE_NAME
+ ", who is in the Admin group. "
@ -158,26 +156,20 @@ public class SQLInjection extends GoatHillsFinancial
}
else if (STAGE2.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Use a parameterized query.<br>"
instructions = "Use a parameterized query.<br>"
+ "A dynamic SQL query is not necessary for the login function to work. Change login "
+ "to use a parameterized query to protect against malicious SQL in the query parameters.";
}
else if (STAGE3.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Use Integer SQL Injection to bypass access control.<br>"
instructions = "Use Integer SQL Injection to bypass access control.<br>"
+ "The goal here is to view the CEO's employee profile, again, even with data access "
+ "control checks in place from a previous lesson. "
+ "As before, you do not have the password, but the form is SQL injectable.";
}
else if (STAGE4.equals(stage))
{
instructions = "Stage "
+ getStage(s)
+ ": Use a parameterized query again.<br>"
instructions = "Use a parameterized query again.<br>"
+ "Change the ViewProfile function to use a parameterized query to protect against "
+ "malicious SQL in the numeric query parameter.";
}
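Review bot: In the first hunk the stage 1 title line `instructions = "Use String SQL Injection to bypass authentication. "` ends with a space, whereas the stage 2–4 titles in the second hunk end with `<br>`, so stage 1 renders its title and body on one line while the other stages break after the title. For consistency with the rest of this class and the sibling lessons, use `"Use String SQL Injection to bypass authentication.<br>"`. The stage 1 assignment statement continues past the end of the first hunk, so the rest of that string is not visible here.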