dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a new lesson "How to add a new lesson" under new category "New Lessons"

Browse Source 
Modified the existing lessons to present the solution in the last hint

git-svn-id: http://webgoat.googlecode.com/svn/trunk@31 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy
2006-11-11 22:41:42 +00:00
parent e5b3b00b0f
commit 99779ea2e9
9 changed files with 46 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
View File

@ -44,6 +44,9 @@ lesson.SoapRequest.ranking=10
lesson.WSDLScanning.ranking=20
lesson.WsSqlInjection.ranking=30
category.New\ Lesson.category.ranking=111
lesson.HowToAddNewLesson.ranking=10
lesson.WeakSessionID.hidden=true
lesson.BufferOverflow.hidden=true
lesson.BlindSqlInjection.hidden=true

3
webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
View File

@ -41,6 +41,9 @@ lesson.SoapRequest.ranking=10
lesson.WSDLScanning.ranking=20
lesson.WsSqlInjection.ranking=30
category.New\ Lesson.category.ranking=111
lesson.HowToAddNewLesson.ranking=10
lesson.WeakSessionID.hidden=true
lesson.BufferOverflow.hidden=true
lesson.BlindSqlInjection.hidden=true

25
webgoat/main/project/WebContent/lesson_plans/NewLesson.html Normal file
View File

@ -0,0 +1,25 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Add a New WebGoat Lesson </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br>
for a new lesson, follow these few simple instructions:<br><br>
* Download the source code from <a href="http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824">here.</a><br><br>
* Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br>
* You need to add two files for each class: <br>
&nbsp;&nbsp;- YourLesson.java to org.owasp.webgoat.lessons<br>
&nbsp;&nbsp;- YourLesson.html to WebContent/lesson_plans<br><br>
* YourLesson class implmenet LessonAdapter and override the following methods:<br>
&nbsp;- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
&nbsp;- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
&nbsp;- getHints: List of hints you would like to pass on to the users to point them to right direction.<br>
&nbsp;- getTitle: The title for your new lesson.<br>
&nbsp;- getCredits: Your name goes here.<br><br>
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>
The user should be able to learn how to add a new lesson.

16
webgoat/main/project/WebContent/lesson_plans/ParameterInjection.html
View File

@ -1,16 +0,0 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform Parameter Injection </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Parameter&nbsp; injection attacks represent a serious threat to any parameter-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack. <br>
<br>
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of parameter injection.<br>
<br>
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries.<br>
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>
The user should be able to execute any command on the hosting OS.