Refactored files to Maven standard Layout
Added plugin to produce executable jar. Now it is easy to run webgoat on all platforms.
This commit is contained in:
Dave
24
src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html
Normal file
24
src/main/webapp/lesson_plans/en/DBCrossSiteScripting.html
Normal file
@ -0,0 +1,24 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting
|
||||
(XSS)</p>
|
||||
</div>
|
||||
<p><b>Concept / Topic To Teach:</b></p>
|
||||
<!-- Start Instructions -->
|
||||
It is always a good practice to scrub all inputs, especially those
|
||||
inputs that will later be used as parameters to OS commands, scripts,
|
||||
and database queries. It is particularly important for content that will
|
||||
be permanently stored somewhere. Users should not be able to create
|
||||
message content that could cause another user to load an undesirable
|
||||
page or undesirable content when the user's message is retrieved.
|
||||
<br>
|
||||
XSS can also occur when unvalidated user input is used in an HTTP
|
||||
response. In a reflected XSS attack, an attacker can craft a URL with
|
||||
the attack script and post it to another website, email it, or otherwise
|
||||
get a victim to click on it.
|
||||
<!-- Stop Instructions -->
|
||||
<p><b>General Goal(s):</b></p>
|
||||
For this exercise, you will perform a stored XSS attack.
|
||||
You will also implement code changes in the database to defeat
|
||||
these attacks.
|
||||
<br>
|
||||
|
||||
Reference in New Issue
Block a user