From 69a93f30d2fc9a3ae2c8cc5bbf2080e103328513 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Mon, 13 Dec 2021 12:58:59 +0100 Subject: [PATCH] update documentation --- .../en/BypassRestrictions_FieldRestrictions.adoc | 4 ++-- .../en/BypassRestrictions_FrontendValidation.adoc | 4 ++-- .../resources/lessonPlans/en/BypassRestrictions_Intro.adoc | 7 +++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc index 4d103d6b3..edc411eda 100755 --- a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc +++ b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc @@ -1,6 +1,6 @@ == Field Restrictions -In most browsers, client has complete or almost complete control over HTML part +In most browsers, the client has complete or almost complete control over the HTML part of the webpage. They can alter values or restrictions to fit their preference. === Task -Send a request that bypasses restrictions of all four of these fields +Send a request that bypasses restrictions of all four of these fields. diff --git a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc index 67b4dd857..cf966a179 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc +++ b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc 
@@ -1,7 +1,7 @@ == Validation -Often, there is some mechanism in place to prevent users from sending altered -field values to server, such as validation before sending. Most of popular browsers +There is often some mechanism in place to prevent users from sending altered +field values to the server, such as validation before sending. Most popular browsers such as Chrome don't allow editing scripts during runtime. We will have to circumvent the validation some other way. diff --git a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc index e75483bc8..201de0cfc 100755 --- a/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc +++ b/webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc @@ -1,11 +1,10 @@ == Concept -Users have a great degree of control over the front-end of the web application. -They can alter HTML code, sometimes also scripts. This is why -apps that require certain format of input should also validate on server-side. +Users have a great degree of control over the web application's front-end. +They can alter HTML code, sometimes also scripts. Applications that require a certain input format should also validate on the server-side. == Goals * The user should have a basic knowledge of HTML -* The user should be able to tamper a request before sending (with proxy or other tool) +* The user should be able to tamper with a request before sending (with proxy or other tools) * The user will be able to tamper with field restrictions and bypass client-side validation
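Review bot: in BypassRestrictions_FieldRestrictions.adoc, "In most browsers, the client has complete or almost complete control over the HTML part of the webpage" ties the control to the browser, but it is a property of the client regardless of which browser is used: the HTML, including any length limit, disabled state or fixed option list on a form field, is delivered to the user's machine, can be edited there, and can be ignored entirely by sending the request directly through a proxy or a command-line client. Suggest dropping "In most browsers" and writing "The client has complete control over the HTML part of the webpage and over every request the browser sends." The Task line "Send a request that bypasses restrictions of all four of these fields." also assumes the reader knows which four fields are meant; a short clause such as "of the four fields shown in the form below" would make the lesson plan readable on its own.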
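Review bot: in BypassRestrictions_FrontendValidation.adoc, "Most popular browsers such as Chrome don't allow editing scripts during runtime" is inaccurate and steers the reader away from the point of the lesson. Chrome's developer tools do let the user edit page scripts, run arbitrary code in the console and pause execution at breakpoints; and even where that were not possible, the validation code runs on the user's machine and the request it guards can be rewritten after it leaves the browser. Suggest replacing the two sentences "Most popular browsers such as Chrome don't allow editing scripts during runtime. We will have to circumvent the validation some other way." with something like "Client-side validation runs entirely on the user's machine. It can be disabled in the browser's developer tools or sidestepped by intercepting and modifying the request with a proxy, so it can never be the only check." The phrase "such as validation before sending" should also say "client-side validation before sending", since that is the mechanism the lesson is about.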
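Review bot: in BypassRestrictions_Intro.adoc, the new sentence "Applications that require a certain input format should also validate on the server-side." is too weak for the conclusion the preceding sentences set up, and "on the server-side" misuses the hyphen (the adverbial form is "on the server side"; "server-side" is the adjective, as in "server-side validation"). Since the text has just established that users can alter the HTML and the scripts, the consequence is that server-side validation is the only enforcement that counts and client-side checks are a usability aid; suggest "Applications that require a certain input format must enforce it on the server; client-side checks only improve usability." Likewise "They can alter HTML code, sometimes also scripts." understates the situation, since the requests themselves can be altered before they reach the server, which is exactly what the third goal asks the user to do. In the Goals list, "with proxy or other tools" should read "with a proxy or other tool".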