WEB-126 Updated all introduction lessons

src/main/webapp/lesson_plans/English/HowToWork.html

@@ -1,29 +1,23 @@
 <!-- Start Instructions -->
 <h1>How To Work With WebGoat</h1>
 <p>
-Welcome to a short introduction to WebGoat.<br> 
-Here you will learn how to use WebGoat and additional tools for the lessons.<br><br>
+Welcome to a brief overview of WebGoat.<br> 
 </p>
 <h2>Environment Information</h2>
 <p>
-WebGoat uses the Apache Tomcat server. It is configured to run on localhost although this can be
-easily changed. This
-configuration is for single user, additional users can be added in the tomcat-users.xml file. 
-If you want to use WebGoat in a laboratory or in 
-class you might need to change this setup. Please refer to the Tomcat Configuration 
-in the Introduction section.</p>
+WebGoat uses the Apache Tomcat server but can run in any application server. It is configured to run on 
+localhost although this can be easily changed. </p>
 
 <h2>The WebGoat Interface</h2>
 <p>
-<img src="images/introduction/interface.jpg"><br><br>
+<img src="images/introduction/interface.png"><br><br>
 1. These are Lesson Categories in WebGoat. Click on a Category to see all Lessons in it.<br>
-2. This will show technical hints to solve the lesson.<br>
-3. This will show the HTTP Request Parameters<br>
-4. This will show the HTTP Request Cookies<br>
-5. This will show goals and objectives of the lesson.<br>
-6. This will show the underlying Java source code.<br>
-7. This will show the complete solution of the selected lesson.<br>
-8. If you want to restart a lesson you can use this link.</p>
+2. This will show the underlying Java source code.<br>
+3. This will show the complete solution of the selected lesson.<br>
+4. This will show goals and objectives of the lesson.<br>
+5. This will show technical hints to solve the lesson.<br>
+6. This will show the HTTP request data<br>
+7. If you want to restart a lesson you can use this link.</p>
 <h2>Solve The Lesson</h2>
 <p>
 Always start with the lessons plan. Then try to solve the lesson and if necessary, 
@@ -32,12 +26,48 @@ solution for complete details.</p>
 <h2>Read And Edit Parameters</h2>
 <p>
 To read and edit Parameters you need a local proxy to intercept the HTTP request. 
-Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" Chapter.
+Here we use OWASP ZAP. More information on ZAP can be found in the "Useful Tools" Chapter.
 </p>
 <h2>Read And Edit Cookies</h2>
 <p>
 Often it is not only necessary to change the value of the parameters but to change the value of cookies.
-WebScarab has functionality for this as well.
+OWASP ZAP has functionality for this as well.
 
 </p>
+
+<h2>Configuring new WebGoat users</h2>
+<p>
+WebGoat uses spring-security.xml to configure users.
+<br/>
+  <pre>
+&lt;!-- Authentication Manager --&gt;
+&lt;authentication-manager alias="authenticationManager"&gt;
+  &lt;authentication-provider&gt;
+    &lt;user-service&gt;
+      &lt;user name="guest" password="guest" authorities="ROLE_WEBGOAT_USER" /&gt;
+      &lt;user name="webgoat" password="webgoat" authorities="ROLE_WEBGOAT_ADMIN" /&gt;
+      &lt;user name="server" password="server" authorities="ROLE_SERVER_ADMIN" /&gt;
+    &lt;/user-service&gt;
+  &lt;/authentication-provider&gt;
+&lt;/authentication-manager&gt;  
+  </pre>
+</p>
+<h2>Adding Users</h2>
+<p>
+Usually using WebGoat you just use the user guest with the password guest.
+But maybe in laboratory you have made a setup with one server and a lot of
+clients. In this case you might want to have a user for every client
+ and you have to alter /WEB-INF/spring-security.xml as the users are stored there. <b>We recommend not to use real passwords 
+as the passwords are stored in plain text in this file!</b>
+</p>
+<h3>Add User</h3>
+<p>
+Adding a user is straight forward. You can use the guest entry as an example. The added
+users should have the same role as the guest user. The new user/password will not show on the login page. 
+Add lines like this to the file:
+</p>
+<pre>
+&lt;user name="guest2" password="guest2" authorities="ROLE_WEBGOAT_USER" /&gt;
+...
+</pre>
 <!-- Stop Instructions -->

src/main/webapp/lesson_plans/English/TomcatSetup.html

@@ -78,41 +78,6 @@ only discussed the whitebox approach. You have to add following lines to the Hos
 </pre>
 <p>In this case only localhost, ip1 and ip2 are permitted to connect.</p>
 
-<h2>Configuring new WebGoat users</h2>
-<p>
-WebGoat uses spring-security.xml to configure users.
-<br/>
-  <pre>
-    &lt;!-- Authentication Manager --&gt;
-    &lt;authentication-manager alias="authenticationManager"&gt;
-        &lt;authentication-provider&gt;
-            &lt;user-service&gt;
-                &lt;!-- TODO: credentials in the config - this isn't something I'm proud of - get rid of this ASAP --&gt; 
-                &lt;user name="guest" password="guest" authorities="ROLE_WEBGOAT_USER" /&gt;
-                &lt;user name="webgoat" password="webgoat" authorities="ROLE_WEBGOAT_ADMIN" /&gt;
-                &lt;user name="server" password="server" authorities="ROLE_SERVER_ADMIN" /&gt;
-            &lt;/user-service&gt;
-        &lt;/authentication-provider&gt;
-    &lt;/authentication-manager&gt;  
-  </pre>
-</p>
-<h2>Adding Users</h2>
-<p>
-Usually using WebGoat you just use the user guest with the password guest.
-But maybe in laboratory you have made a setup with one server and a lot of
-clients. In this case you might want to have a user for every client
- and you have to alter /WEB-INF/spring-security.xml as the users are stored there. <b>We recommend not to use real passwords 
-as the passwords are stored in plain text in this file!</b>
-</p>
-<h3>Add User</h3>
-<p>
-Adding a user is straight forward. You can use the guest entry as an example. The added
-users should have the same role as the guest user. The new user/password will not show on the login page. 
-Add lines like this to the file:
-</p>
-<pre>
-                &lt;user name="guest2" password="guest2" authorities="ROLE_WEBGOAT_USER" /&gt;
-	...
-</pre>
+
 
 <!-- Stop Instructions -->