Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/lesson_plans/English/MultiLevelLogin1.html
+++ b/webapp/lesson_plans/English/MultiLevelLogin1.html
@ -0,0 +1,20 @@
+<div align="Center">
+<p><b>Lesson Plan Title:</b> Multi Level Login 1</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+A Multi Level Login should provide a strong authentication. 
+This is archived by adding a second layer. After having 
+logged in with your user name and password you are asked
+for a 'Transaction Authentication Number' (TAN). This is 
+often used by online banking. You get a list with a lots 
+of TANs generated only for you by the bank. Each TAN is used only once. 
+Another method is to provide the TAN by SMS. This has
+the advantage that an attacker can not get TANs provided
+by the user.
+<p><b>General Goal(s):</b> </p>
+In this Lesson you try to get around the strong authentication. 
+You have to break into another account. The user name, password and a 
+already used TAN is provided. You have to make sure
+the server accept the TAN even it is already used.
+<!-- Stop Instructions -->