Fixed Typos
parent
84f67b5a7e
commit
7daaac9a3f
@ -1,6 +1,6 @@
|
||||
== Try It! Using the Console
|
||||
|
||||
Let's try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome*. +
|
||||
Let's try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome()*. +
|
||||
You should get a response in the console. Your result should look something like:
|
||||
`phone home said
|
||||
{"lessonCompleted:true, ... ,"output":"phone home response is..."`
|
||||
|
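Review bot: The sample output in the context lines right below the changed sentence is still malformed: in `{"lessonCompleted:true, ...` the key `lessonCompleted` has no closing quote, so a reader comparing it with the real console output will see a mismatch. Since this commit is a typo pass, fix that to `{"lessonCompleted":true, ...` here as well. The changed line also still spells "javascript" in lowercase, while other lesson pages touched by this commit use "JavaScript".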
@ -1,6 +1,6 @@
|
||||
== Try It! Working with the Newtork Tab
|
||||
== Try It! Working with the Network Tab
|
||||
|
||||
In this Assignment you need to find a specific HTTP request and read a randomized number from it.
|
||||
To start click the first button, to generate an HTTP Request. Try to find this specific HTTP request.
|
||||
To start click the first button, this wil generate an HTTP Request. Try to find the specific HTTP request.
|
||||
The request should contain a field: `magic_num:`
|
||||
Copy the number which is displayed afterwards, into the input field below and click on the check button.
|
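Review bot: The replacement sentence introduces a new typo, "this wil generate an HTTP Request", which should read "will". It also joins two clauses with a comma; "To start, click the first button. This will generate an HTTP request." reads cleanly. The heading fix from "Newtork" to "Network" is fine, but "Assignment" in the unchanged first sentence is still capitalised mid-sentence.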
@ -2,16 +2,16 @@
|
||||
|
||||
In the console tab you can see anything, which a loaded JavaScript file may have printed out to it.
|
||||
Don't worry if you see something in red. While that is an error, it has probably resolved itself.
|
||||
Through the Console Tab, it is also possible for you to run your own line of javascript code.
|
||||
Through the console tab, it is also possible for you to run your own line of javascript code.
|
||||
|
||||
Start by clearing console using the shortcut CTRL+L.
|
||||
Start by clearing console using the shortcut `CTRL+L`.
|
||||
|
||||
To run your own JavaScript. Simply click inside of the console, write something like:
|
||||
`console.log("Hello WebGoat!");` and hit enter. Hello WebGoat should now appear in your console.
|
||||
You can also do some basic arithmetic, with the console. If you type for example `1+3` and hit
|
||||
To run your own JavaScript, simply click inside of the console and write something like:
|
||||
`console.log("Hello WebGoat!");` Hit enter. Hello WebGoat should now appear in your console.
|
||||
The console also allows you to do some basic arithmetic. If you type for example `1+3` and hit
|
||||
enter the console should display 4.
|
||||
|
||||
Note: The `undefined` that may also appear in the console if you hit enter. You can safely ignore this Statement,
|
||||
it does only mean, that the JavaScript function you have called did not return anything, therefor `undefined`.
|
||||
Note: You may see an `undefined` in the console. You can safely ignore this statement,
|
||||
it only means, that the JavaScript function you have called did not return anything, therefor `undefined`.
|
||||
|
||||
image::images/ChromeDev_Console_Ex.jpg[DeveloperToolsConsoleExample,500,500,style="lesson-image"]
|
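Review bot: The rewritten note still ends with "therefor `undefined`", which should be "therefore", and "it only means, that the JavaScript function" carries a comma that does not belong there. In the same hunk, "your own line of javascript code" keeps the lowercase spelling while the following lines write "JavaScript", so pick one. "Start by clearing console" is also missing an article ("clearing the console").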
@ -1,12 +1,12 @@
|
||||
== The Elements Tab
|
||||
|
||||
The Elements Tab allows you to look at the HTML and CSS code, that are used to define and style the Website.
|
||||
The elements tab allows you to look at the HTML and CSS code, that are used to define and style the Website.
|
||||
|
||||
=== HTML Source
|
||||
|
||||
If you hover over one line you can see a part of the website turns blue. That means that
|
||||
If you hover over one line you can see that a part of the website turns blue. That means that
|
||||
this particular HTML line defines this section of the Website.
|
||||
The Elements tab allows you to make changes to every single HTML element. For example if you click inside
|
||||
The elements tab allows you to make changes to every single HTML element. For example if you click inside
|
||||
a Paragraph (<p>...</p>) Tag you can edit the content of the website. If you have made your changes and then click enter
|
||||
Chrome will actually update the website to show your edits. You can also change the HTML Tag used,
|
||||
the classes and id's a tag has and much more.
|
||||
|
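Review bot: Capitalisation is now inconsistent across the lesson: this hunk lowercases "The elements tab" in both changed lines, but the heading keeps "The Elements Tab", the Network page in this same commit still says "In the Network tab", and "Website" remains capitalised mid-sentence. Settle on one form for tab names and apply it everywhere. The unchanged context also has "id's", which should be "ids", and a stray comma in "HTML and CSS code, that are used".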
@ -1,11 +1,11 @@
|
||||
== Google Chrome Developer Tools
|
||||
|
||||
To complete certain assignments you sometimes may have to look at the JavaScript
|
||||
source code or run a JavaScript Command on your own.
|
||||
To do that Google Chrome has a set of tools which allows to do that and much much more.
|
||||
source code or run a JavaScript command on your own.
|
||||
To do that Google Chrome has a set of tools which allows you to do that and much much more.
|
||||
While these tools are not specific to Google Chrome, almost every modern browser has a set
|
||||
of their own, our introduction will focus on the ones found in Google Chrome.
|
||||
You can however still use the Browser of your choice, like Firefox or Safari, although some steps of this tutorial
|
||||
You can however still use the browser of your choice, like Firefox or Safari, although some steps of this tutorial
|
||||
may be different for you.
|
||||
|
||||
Keep in mind that the following tutorial, is not there to teach everything there is about these tools.
|
||||
|
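Review bot: The replacement line still reads "To do that Google Chrome has a set of tools which allows you to do that and much much more", which repeats "to do that" within one sentence. Something like "Google Chrome has a set of tools which allow you to do that and much more" would fix the repetition and the verb agreement with "tools". The context sentence beginning "While these tools are not specific to Google Chrome, almost every modern browser has a set of their own, our introduction will focus" is a run-on and could be split while you are here.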
@ -9,8 +9,8 @@ image::images/ChromeDev_Sources.jpg[DeveloperToolsSources,400,500,style="lesson-
|
||||
|
||||
In the Network tab you can view HTTP requests and responses the website has performed.
|
||||
If you want more detailed information on a particular request, just click on it.
|
||||
In the Timeline above the blue dots represent, when these requests and responses have been performed.
|
||||
You can also see the Requests done in a specific time frame, simply by clicking and dragging on the timeline. Now the Window
|
||||
In the Timeline above the blue dots represent when these requests and responses have been performed.
|
||||
You can also see the Requests done in a specific time frame, simply by clicking and dragging on the timeline. Now the window
|
||||
below, will only show the requests and responses done in that particular time frame.
|
||||
|
||||
image::images/ChromeDev_Network.jpg[DeveloperToolsNetwork,400,500,style="lesson-image"]
|
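Review bot: The second changed line lowercases "Window" but leaves "Requests" capitalised in "You can also see the Requests done in a specific time frame", and "Timeline" is still capitalised in the line before it, so the casing fix is only partial. The comma in "Now the window below, will only show" separates the subject from its verb and should be removed in the same pass.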
@ -1,16 +1,16 @@
|
||||
== The Problem with Security Questions
|
||||
|
||||
While Security Questions my at first seem like a good way for authentication of a user, they
|
||||
While Security Questions my at first seem like a good way to do authentication, they
|
||||
have some big problems.
|
||||
|
||||
The "perfect" Security Question should be hard to crack, but easy to remember. Also the answer needs to fixed,
|
||||
so the answer must not be subject to change.
|
||||
The "perfect" security question should be hard to crack, but easy to remember. Also the answer needs to fixed,
|
||||
so it must not be subject to change.
|
||||
|
||||
There are only a handful of questions which satisfy these criteria and practically none which apply to anybody.
|
||||
|
||||
If you have to pick a security question, we recommend not answering them truthfully.
|
||||
|
||||
To further elaborate on the matter, there is a small assignment for you: There is a list of some common security questions.
|
||||
To further elaborate on the matter, there is a small assignment for you: There is a list of some common security questions down below.
|
||||
if you choose one, it will show to you why the question you picked is not really as good as one may think.
|
||||
|
||||
When you have looked at two questions the assignment will be marked as complete.
|
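Review bot: Both rewritten sentences keep the typos they had before: "While Security Questions my at first seem" should be "may", and "the answer needs to fixed" should be "needs to be fixed". The first changed line also keeps "Security Questions" capitalised while the second lowercases "security question". In the unchanged context, "if you choose one, it will show to you why" starts a sentence in lowercase and would read better as "If you choose one, it will show you why".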
@ -1,6 +1,6 @@
|
||||
== Try It! String SQL Injection
|
||||
|
||||
The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating strings making it susceptible to String SQL injection:
|
||||
The query in the code builds a dynamic query as seen in the previous example. The query is build by concatenating strings making it susceptible to String SQL injection:
|
||||
|
||||
------------------------------------------------------------
|
||||
"select * from users where LOGIN_COUNT > 0 and FIRST_NAME = ‘" + userName + "'";
|
||||
|
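Review bot: The replacement sentence says "The query is build by concatenating strings", which should be "built". More important for a lesson on string SQL injection, the query shown in the context line opens the string literal with a typographic quote (‘) and closes it with a straight one ('), so the displayed statement does not match what the code would really send; replace the curly quote with a plain ' so learners reason about the actual query. A comma before "making it susceptible" would also help.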