dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Hints added

Browse Source 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
main/project/WebContent/lesson_solutions/FailOpenAuthentication.html
View File

@ -597,7 +597,7 @@ style='font-family:"Arial","sans-serif"'> Abusing error handling.<o:p></o:p></sp
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This lesson presents
the basics for understanding the &quot;fail open&quot; condition regarding
authentication. The security term, <EFBFBD>fail open<EFBFBD> describes a behavior of a
authentication. The security term, "fail open" describes a behavior of a
verification mechanism. This is when an error (i.e. unexpected exception)
occurs during a verification method causing that method to evaluate to true.
This is especially dangerous during login. <o:p></o:p></span></p>
@ -653,7 +653,7 @@ style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Enter user
name webgoat and click <EFBFBD>Login<EFBFBD>. Intercept the request with WebScarab.<o:p></o:p></span></p>
name webgoat and click "Login". Intercept the request with WebScarab.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -675,7 +675,7 @@ field-end'></span><![endif]--> Intercepted request<span style='font-family:
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Click on the
variable <EFBFBD>Password<EFBFBD> and click <EFBFBD>Delete<EFBFBD>. Click <EFBFBD>Accept changes<EFBFBD>.<o:p></o:p></span></p>
variable "Password" and click "Delete". Click "Accept changes".<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
@ -696,7 +696,7 @@ field-end'></span><![endif]--> Password variable is deleted</p>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You are now
<EFBFBD>authenticated<EFBFBD> as WebGoat.<o:p></o:p></span></p>
"authenticated" as WebGoat.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>