Changed the lesson plans of all the XSS lessons.

2018-11-18 15:32:09 +01:00 · 2018-11-18 15:32:09 +01:00 · 600c6203ef
commit 600c6203ef
parent fffbb3c804
3 changed files with 10 additions and 20 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingMitigation_plan.adoc
@ -1,15 +1,13 @@
 == Concept 

-This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer.
+After learning what Cross-Site Scripting (XSS) is and how it works,
+you will know learn how you can defend against it.

 == Goals

-* The user should have a basic understand how XSS works.
 * The user will understand the best practices for defending against XSS injection attacks
 * The user will demonstrate knowledge on:
-** Reflected XSS Injection
-** Stored XSS Injection
-** Dom-Based XSS Injection
+** XSS Mitigation



--- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScriptingStored_plan.adoc
@ -1,15 +1,8 @@
 == Concept 

-This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer.
+After taking a look at Reflected XSS in the previous lesson. We're now gonna take a closer look at another form of Cross Site Scripting Attack: Stored CSS.

 == Goals
-
-* The user should have a basic understand how XSS works.
-* The user will understand the best practices for defending against XSS injection attacks
+* The user will learn what Stored XSS is
 * The user will demonstrate knowledge on:
-** Reflected XSS Injection
-** Stored XSS Injection
-** Dom-Based XSS Injection
-
-
-
+** Stored XSS Injection
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_plan.adoc
@ -1,15 +1,14 @@
 == Concept 

-This lesson describes what is Cross-Site Scripting (XSS) and how it can be manipulated to perform tasks that were not the original intent of the developer.
+This lesson describes what Cross-Site Scripting (XSS) is and how it can be used to perform tasks that were not the original intent of the developer.

 == Goals

-* The user should have a basic understand how XSS works.
-* The user will understand the best practices for defending against XSS injection attacks
+* The user should have a basic understanding of what XSS is and how it  works
+* The user will learn what Reflected XSS is
 * The user will demonstrate knowledge on:
 ** Reflected XSS Injection
-** Stored XSS Injection
-** Dom-Based XSS Injection
+** DOM-based XSS Injection