dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@392 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
ch.ko123
2009-11-01 11:04:59 +00:00
parent bb15524a7a
commit 791341000c
1033 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
webgoat/main/project/webapp/lesson_plans/English/WeakSessionID.html Normal file
View File

@ -0,0 +1,9 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Hijack a Session</p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Application developers who develop their own session IDs frequently forget to incorporate the complexity and randomness necessary for security. If the user specific session ID is not complex and random, then the application is highly susceptible to session-based brute force attacks.
<p><b>General Goal(s):</b> </p>
Try to access an authenticated session belonging to someone else.
<!-- Stop Instructions -->