From 9fdbbf69d69c5e25a121036c666079ae9e15a14e Mon Sep 17 00:00:00 2001 From: Cotonne Date: Wed, 16 Oct 2019 17:29:27 +0200 Subject: [PATCH] Proposition for fixing broken/improving links (#686) * As stated on enzoic.com: "PasswordPing is now Enzoic!" * Add references to other OWASP resources --- .../idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc | 2 ++ .../src/main/resources/lessonPlans/en/SecurePasswords_1.adoc | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc b/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc index 5e48954b1..c9592f106 100644 --- a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc +++ b/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc @@ -34,5 +34,7 @@ This of course can be checked or expanded beyond GET methods to view data, but t Before we go on to practice, here's some good reading on Insecure Direct Object References: * https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004) +* https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control +* https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html * https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References * http://cwe.mitre.org/data/definitions/639.html diff --git a/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc b/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc index dc5c149b3..ca61d8c47 100644 --- a/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc +++ b/webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en/SecurePasswords_1.adoc 
@@ -7,4 +7,4 @@ NIST develops Federal Information Processing Standards (FIPS) which the Secretar NIST also provides guidance documents and recommendations through its Special Publications (SP) 800-series. These guidelines often become the foundation for best practice recommendations across the security industry and are incorporated into other standards. -(Description from https://www.passwordping.com/surprising-new-password-guidelines-nist/) \ No newline at end of file +(Description from https://www.enzoic.com/surprising-password-guidelines-nist/)
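Review bot: In the IDOR_intro.adoc hunk, the newly added `Top_10-2017_A5-Broken_Access_Control` entry uses the same `https://www.owasp.org/index.php/...` wiki URL form as the links this patch is fixing elsewhere, so it is likely to break the same way; the cheatsheetseries.owasp.org URL added in the same hunk is the durable form, and the Top 10 entry would be better served by a stable project URL as well. The list also now carries both the 2017 A5 and the 2013 A4 Top 10 entries with the newer one inserted above the older, which reads as two competing references for one topic; since the commit is about improving links, consider replacing the 2013 entry with the 2017 one, or ordering the list so the current Top 10 entry, the cheat sheet and the CWE follow the testing-guide link in a consistent sequence.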
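Review bot: In the SecurePasswords_1.adoc hunk, the replacement URL changes more than the domain: the path goes from `surprising-new-password-guidelines-nist` to `surprising-password-guidelines-nist`, so this should be verified as the same article rather than a redirect target, because the line still claims the description is quoted from it. The attribution text is left as "Description from" with only the URL swapped; since the commit message records that PasswordPing was renamed Enzoic, a short note of that rename in the attribution (for example `(Description from https://www.enzoic.com/..., formerly PasswordPing)`) would keep the citation honest for readers who know the original source. Also note that the removed line carried `\ No newline at end of file` while the added line does not, so the hunk silently also adds a trailing newline; that is fine for an .adoc file but worth stating in the commit message so the diff is not mistaken for a pure link change.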