dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved remotely

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2006-09-30 13:41:26 +00:00
parent 0465a6d6aa
commit 98949c00d8
155 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
webgoat/main/project/WebContent/lesson_plans/JavaScriptValidation.html Normal file
View File

@ -0,0 +1,10 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Bypass Client Side JavaScript Validation </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Client-side validation should not be considered a secure means of validating parameters. These validation only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelyhood of insecure parameter values being used in the application.
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>
For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting. <br>