bypass front-end restrictions (javascript validation)

webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc

@@ -0,0 +1,6 @@
+== Field Restrictions
+In most browsers, client has complete or almost complete control over HTML part
+of the webpage. They can alter values or restrictions to fit their preference.
+
+=== Task
+Send a request that bypasses restrictions of all four of these fields

webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc

@@ -0,0 +1,8 @@
+== Validation
+Often, there is some mechanism in place to prevent users from sending altered
+field values to server, such as validation before sending. Most of popular browsers
+such as Chrome don't allow editing scripts during runtime. We will have to circumvent
+the validation some other way.
+
+=== Task
+Send a request that does not fit the regular expression above the field in all fields.

webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc

@@ -0,0 +1,10 @@
+
+== Concept
+Users have a great degree of control over the front-end of the web application.
+They can alter HTML code, sometimes also scripts. This is why
+apps that require certain format of input should also validate on server-side.
+
+== Goals
+* The user should have a basic knowledge of HTML
+* The user should be able to tamper a request before sending (with proxy or other tool)
+* The user will be able to tamper with field restrictions and bypass client-side validation