From 600c6203ef83374e2b0bd9bbdc94815c8976e40b Mon Sep 17 00:00:00 2001 From: Benedikt - Desktop Date: Sun, 18 Nov 2018 15:32:09 +0100 Subject: [PATCH] Changed the lesson plans of all the XSS lessons. --- .../en/CrossSiteScriptingMitigation_plan.adoc | 8 +++----- .../en/CrossSiteScriptingStored_plan.adoc | 13 +++---------- .../lessonPlans/en/CrossSiteScripting_plan.adoc | 9 ++++----- 3 files changed, 10 insertions(+), 20 deletions(-) diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc index 4a562e0dc..55cf9b486 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc +++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc @@ -1,15 +1,13 @@ == Concept -This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer. +After learning what Cross-Site Scripting (XSS) is and how it works, +you will know learn how you can defend against it. == Goals -* The user should have a basic understand how XSS works. * The user will understand the best practices for defending against XSS injection attacks * The user will demonstrate knowledge on: -** Reflected XSS Injection -** Stored XSS Injection -** Dom-Based XSS Injection +** XSS Mitigation diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc index 4a562e0dc..864479cb1 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc 
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc @@ -1,15 +1,8 @@ == Concept -This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer. +After taking a look at Reflected XSS in the previous lesson. We're now gonna take a closer look at another form of Cross Site Scripting Attack: Stored CSS. == Goals - -* The user should have a basic understand how XSS works. -* The user will understand the best practices for defending against XSS injection attacks +* The user will learn what Stored XSS is * The user will demonstrate knowledge on: -** Reflected XSS Injection -** Stored XSS Injection -** Dom-Based XSS Injection - - - +** Stored XSS Injection \ No newline at end of file diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc index 4a562e0dc..14dd8131c 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc +++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc 
@@ -1,15 +1,14 @@ == Concept -This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer. +This lesson describes what Cross-Site Scripting (XSS) is and how it can be used to perform tasks that were not the original intent of the developer. == Goals -* The user should have a basic understand how XSS works. -* The user will understand the best practices for defending against XSS injection attacks +* The user should have a basic understanding of what XSS is and how it works +* The user will learn what Reflected XSS is * The user will demonstrate knowledge on: ** Reflected XSS Injection -** Stored XSS Injection -** Dom-Based XSS Injection +** DOM-based XSS Injection
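Review bot: In CrossSiteScriptingMitigation_plan.adoc, the added Concept text reads "you will know learn how you can defend against it", which looks like a typo for "you will now learn". The Goals list also ends with the single sub-item "** XSS Mitigation" under "The user will demonstrate knowledge on:". With the Reflected, Stored and DOM-based entries removed, it only restates the lesson title, so consider listing the defenses this lesson actually exercises or folding it into the preceding bullet.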
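Review bot: In CrossSiteScriptingStored_plan.adoc, the added Concept line ends with "Stored CSS", which should be "Stored XSS" to match the Goals below it. The same line opens with a sentence fragment ("After taking a look at Reflected XSS in the previous lesson.") and writes "Cross Site Scripting" without the hyphen used in the other two plans. Suggest joining it into one sentence, for example "After taking a look at Reflected XSS in the previous lesson, we will now take a closer look at another form of Cross-Site Scripting attack: Stored XSS." The hunk also removes the blank line between "== Goals" and the first bullet and leaves the file without a trailing newline. Restoring both keeps the file consistent with the other lesson plans.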
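Review bot: In CrossSiteScripting_plan.adoc, the rewritten Goals promise only "The user will learn what Reflected XSS is", yet the knowledge list still ends with "** DOM-based XSS Injection". Either add a matching goal bullet for DOM-based XSS or move that item to the lesson plan that teaches it, so the stated goals and the assessed knowledge line up.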