Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/lesson_plans/English/DBCrossSiteScripting.html
+++ b/webapp/lesson_plans/English/DBCrossSiteScripting.html
@ -0,0 +1,24 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting
+(XSS)</p>
+</div>
+<p><b>Concept / Topic To Teach:</b></p>
+<!-- Start Instructions -->
+It is always a good practice to scrub all inputs, especially those
+inputs that will later be used as parameters to OS commands, scripts,
+and database queries. It is particularly important for content that will
+be permanently stored somewhere. Users should not be able to create
+message content that could cause another user to load an undesirable
+page or undesirable content when the user's message is retrieved.
+<br>
+XSS can also occur when unvalidated user input is used in an HTTP
+response. In a reflected XSS attack, an attacker can craft a URL with
+the attack script and post it to another website, email it, or otherwise
+get a victim to click on it.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b></p>
+For this exercise, you will perform a stored XSS attack.
+You will also implement code changes in the database to defeat
+these attacks.
+<br>
+