renamed main->src regarding to Maven conventions

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@394 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-11-01 11:54:43 +00:00
parent c1f2360a35
commit 5119e65791
1048 changed files with 11 additions and 0 deletions
--- a/src/main/webapp/lesson_plans/English/WeakAuthenticationCookie.html
+++ b/src/main/webapp/lesson_plans/English/WeakAuthenticationCookie.html
@ -0,0 +1,12 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Spoof an Authentication Cookie </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+
+Many applications will automatically log a user into their site if the right authentication cookie is specified. &nbsp; Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. &nbsp;Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. &nbsp;Some times the cookies maybe intercepted using Cross site scripting. &nbsp;This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.<br>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+ The user should be able to bypass the authentication check.
+Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
+<!-- Stop Instructions -->