Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/lesson_plans/English/SilentTransactions.html
+++ b/webapp/lesson_plans/English/SilentTransactions.html
@ -0,0 +1,24 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Perform Silent Transactions Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+This lesson teaches how to perform silent transactions attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+Any system that silently processes transactions using a single submission is dangerous to the client. 
+For example, if a normal web application allows a simple URL submission, a preset session attack will 
+allow the attacker to complete a transaction without the user<65>s authorization. 
+In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page, 
+so an injected attack script may be able to steal money from the client without authorization.<br>
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+* This is a sample internet banking application - money transfer page.<br>
+* It shows below your balance, the account you are transferring to and amount you will transfer.<br>
+* The application uses AJAX to submit the transaction after doing some basic client side validations.<br>
+* Your goal is to try to bypass the user's authorization and silently execute the transaction.<br>
+<!-- Stop Instructions -->