dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added lesson (no content yet) for explaining nist password standards.

Browse Source
This commit is contained in:
Benedikt - Desktop 2018-12-02 17:35:20 +01:00 committed by Nanne Baars
parent b02a01d35e
commit 91e6f70919
10 changed files with 110 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-lessons/pom.xml
View File

@ -37,6 +37,7 @@
<module>csrf</module>
<module>password-reset</module>
<module>ssrf</module>
<module>secure-passwords</module>
<!-- uncomment below to include lesson template in build, also uncomment the dependency in webgoat-server/pom.xml to have it run in the project fully -->
<!--<module>webgoat-lesson-template</module>-->
</modules>

11
webgoat-lessons/secure-passwords/pom.xml Normal file
View File

@ -0,0 +1,11 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>secure-passwords</artifactId>
<packaging>jar</packaging>
<parent>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>webgoat-lessons-parent</artifactId>
<version>v8.0.0.SNAPSHOT</version>
</parent>
</project>

39
webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswords.java Normal file
View File

@ -0,0 +1,39 @@
package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import java.util.List;
/**
* @author BenediktStuhrmann
* @since 12/2/18.
*/
public class SecurePasswords extends NewLesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "secure-passwords.title";
}
@Override
public String getId() {
return "SecurePasswords";
}
}

13
webgoat-lessons/secure-passwords/src/main/resources/html/SecurePasswords.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SecurePasswords_intro.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SecurePasswords_1.adoc"></div>
</div>
</html>

1
webgoat-lessons/secure-passwords/src/main/resources/i18n/WebGoatLabels.properties Normal file
View File

@ -0,0 +1 @@
secure-passwords.title=Secure Passwords

35
webgoat-lessons/secure-passwords/src/main/resources/js/questions_cia.json Normal file
View File

@ -0,0 +1,35 @@
{
"questions": [{
"text": "How could an intruder harm the security goal of confidentiality?",
"solutions": {
"1": "By deleting all the databases.",
"2": "By stealing a database where general configuration information for the system is stored.",
"3": "By stealing a database where names and emails are stored and uploading it to a website.",
"4": "Confidentiality can't be harmed by an intruder."
}
}, {
"text": "How could an intruder harm the security goal of integrity?",
"solutions": {
"1": "By changing the names and emails of one or more users stored in a database.",
"2": "By listening to incoming and outgoing network traffic.",
"3": "By bypassing authentication mechanisms that are in place to manage database access.",
"4": "Integrity can only be harmed when the intruder has physical access to the database storage."
}
}, {
"text": "How could an intruder harm the security goal of availability?",
"solutions": {
"1": "By exploiting bugs in the systems software to bypass authentication mechanisms for databases.",
"2": "By redirecting emails with sensitive data to other individuals.",
"3": "Availability can only be harmed by unplugging the power supply of the storage devices.",
"4": "By launching a denial of service attack on the servers."
}
}, {
"text": "What happens if at least one of the CIA security goals is harmed?",
"solutions": {
"1": "A system can be considered safe until all the goals are harmed. Harming one goal has no effect on the systems security.",
"2": "The systems security is compromised even if only one goal is harmed.",
"3": "It's not that bad when an attacker reads or changes data, at least some data is still available, hence only when the goal of availability is harmed the security of the system is compromised.",
"4": "It shouldn't be a problem if an attacker changes data or makes it unavailable, but reading sensitive data is not tolerable. Theres only a problem when confidentiality is harmed."
}
}]
}

1
webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc Normal file
View File

@ -0,0 +1 @@
== 1

2
webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_intro.adoc Normal file
View File

@ -0,0 +1,2 @@
== Secure Passwords

5
webgoat-server/pom.xml
View File

@ -210,6 +210,11 @@
<artifactId>ssrf</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>secure-passwords</artifactId>
<version>${project.version}</version>
</dependency>
<!--uncommment below to run/include lesson template in WebGoat Build-->
<!--<dependency>-->