* Hints added

* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (initial release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions

@ -627,7 +627,7 @@ attacks works:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></
silently processes transactions using a single submission is dangerous to the
client. For example, if a normal web application allows a simple URL
submission, a preset session attack will allow the attacker to complete a
transaction without the user<EFBFBD>s authorization. In Ajax, it gets worse: the
transaction without the user's authorization. In Ajax, it gets worse: the
transaction is silent; it happens with no user feedback on the page, so an
injected attack script may be able to steal money from the client without
authorization.<o:p></o:p></span></p>
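
Review bot: The context lines around the apostrophe fix in `user's` still carry Office export markup (`<o:p></o:p>` and the inline `style='font-family:"Arial","sans-serif"'`), so this one-character repair treats a symptom and other typographic quotes in the same file may still be mis-encoded. I would check the whole file for remaining non-ASCII bytes in the same pass, and either keep the text plain ASCII as done here or use an entity such as `&rsquo;`, so the page renders the same regardless of the charset it is served with. Since the commit touches 137 files under a message that only says "Bugfixes", a line in the message naming the encoding cleanup would make this change easier to find later.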