diff --git a/ webgoat/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html b/ webgoat/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html new file mode 100755 index 000000000..a54fd9ab9 --- /dev/null +++ b/ webgoat/main/project/WebContent/lesson_plans/DBCrossSiteScripting.html @@ -0,0 +1,24 @@ +
Lesson Plan Title: How to Perform Cross Site Scripting +(XSS)
+Concept / Topic To Teach:
+ +It is always a good practice to scrub all inputs, especially those +inputs that will later be used as parameters to OS commands, scripts, +and database queries. It is particularly important for content that will +be permanently stored somewhere. Users should not be able to create +message content that could cause another user to load an undesirable +page or undesirable content when the user's message is retrieved. +General Goal(s):
+For this exercise, you will perform a stored XSS attack. +You will also implement code changes in the database to defeat +these attacks. +Lesson Plan Title: How to Perform SQL Injection
+Concept / Topic To Teach:
+ +It is always a good practice to scrub all inputs, especially those +inputs that will later be used as parameters to OS commands, scripts, +and database queries. Users should not be able to alter the intent of +commands that are executed on the server, in many cases as a privileged user. + +General Goal(s):
+For this exercise, you will perform a SQL Injection attack. +You will also implement code changes in the database to defeat +these attacks. +
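Review bot: The new DBCrossSiteScripting.html carries two lesson plans in one file: after the "How to Perform Cross Site Scripting (XSS)" block, a second "Lesson Plan Title: How to Perform SQL Injection" block with its own "Concept / Topic To Teach" and "General Goal(s)" follows. For a file named for the XSS lesson this reads like a leftover from the file it was copied from; either drop the SQL Injection section (the two "Concept" paragraphs are also near-verbatim copies of each other), or, if this database-side lesson is meant to cover both stored XSS and SQL injection, make the title and the goals say so explicitly so the learner is not handed two contradictory exercise descriptions. Separately, the file is added with mode 100755; a static .html lesson plan does not need the executable bit, so 100644 would be the expected mode.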