dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Buffer Overflow lesson, added and updated solutions, fixed errors in lessons preventing them from being completed correctly

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@436 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
x71c4l@gmail.com
2011-08-12 03:00:27 +00:00
parent 662b976573
commit 87729bf9f4
110 changed files with 2590 additions and 1116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat/src/main/webapp/lesson_solutions/Lab Access Control/Lab Add Business Layer Access Control.html
View File

@ -6,7 +6,7 @@
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
<p><b>Lesson Plan Title:</b> Role Based Access Control: Stage 2</p>
<p><b>Concept / Topic To Teach:</b><br/>
In role-based access control scheme, a role represents
@ -38,7 +38,7 @@ There is already a method called isAuthorized which you can use:
</p>
<pre><code>
//***************CODE HERE*************************
if(!isAuthorized(s, userId, requestedActionName))
if(!isAuthorized(s, getUserId(s), requestedActionName))
{
throw new UnauthorizedException();
}

6
webgoat/src/main/webapp/lesson_solutions/Lab Access Control/Lab Add Data Layer Access Control.html
View File

@ -6,7 +6,7 @@
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
<p><b>Lesson Plan Title:</b> Role Based Access Control: Stage 4</p>
<p><b>Concept / Topic To Teach:</b><br/>
In role-based access control scheme, a role represents
@ -39,11 +39,11 @@ Action has already a method called isAuthorizedForEmployee which you can use:
</p>
<pre><code>
//***************CODE HERE*************************
if(!isAuthorized(s, userId, requestedActionName))
if(!isAuthorized(s, getUserId(s), requestedActionName))
{
throw new UnauthorizedException();
}
if(!action.isAuthorizedForEmployee(s, userId, employeeId))
if(!action.isAuthorizedForEmployee(s, getUserId(s), s.getParser().getIntParameter(RoleBasedAccessControl.EMPLOYEE_ID, 0)))
{
throw new UnauthorizedException();
}

2
webgoat/src/main/webapp/lesson_solutions/Lab Access Control/Lab Bypass Business Layer Access Control.html
View File

@ -6,7 +6,7 @@
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
<p><b>Lesson Plan Title:</b> Role Based Access Control: Stage 1</p>
<p><b>Concept / Topic To Teach:</b><br/>
In role-based access control scheme, a role represents

2
webgoat/src/main/webapp/lesson_solutions/Lab Access Control/Lab Bypass Data Layer Access Control.html
View File

@ -6,7 +6,7 @@
<link rel="stylesheet" type="text/css" href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
<p><b>Lesson Plan Title:</b> Role Based Access Control: Stage 3</p>
<p><b>Concept / Topic To Teach:</b><br/>
In role-based access control scheme, a role represents