dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed problems with answers and updated the lesson plan page

Browse Source
This commit is contained in:
nbaars 2014-09-15 20:59:49 +02:00
parent 0da280c4f8
commit a8500cdedb
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
View File

@ -84,10 +84,10 @@ public class PasswordStrength extends LessonAdapter
} }
private boolean checkSolution(WebSession s) throws ParameterNotFoundException { private boolean checkSolution(WebSession s) throws ParameterNotFoundException {
boolean allCorrect = false; boolean allCorrect = true;
for ( int i = 0; i < passwords.size(); i++ ) { for ( int i = 1; i <= passwords.size(); i++ ) {
String key = "pass" + i; String key = "pass" + i;
allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key)); allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer);
} }
return allCorrect; return allCorrect;
} }
@ -108,6 +108,7 @@ public class PasswordStrength extends LessonAdapter
if (checkSolution(s)) if (checkSolution(s))
{ {
makeSuccess(s); makeSuccess(s);
ec.addElement(new BR());
ec.addElement(new StringElement("As a guideline not bound to a single solution.")); ec.addElement(new StringElement("As a guideline not bound to a single solution."));
ec.addElement(new BR()); ec.addElement(new BR());
ec.addElement(new StringElement("Assuming the calculations per second 4 billion: ")); ec.addElement(new StringElement("Assuming the calculations per second 4 billion: "));

5
src/main/webapp/lesson_plans/English/PasswordStrength.html
View File

@ -3,8 +3,9 @@
</div> </div>
<p><b>Concept / Topic To Teach:</b> </p> <p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions --> <!-- Start Instructions -->
Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better. Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals, numbers and special characters. The longer the password, the better, consider using a passphrase instead. For
more information see: <a href="https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Implement_Proper_Password_Strength_Controls" target="_blank">OWASP proper password strength</a>.
<!-- Stop Instructions --> <!-- Stop Instructions -->
<br> <br/><br/>
<p><b>General Goal(s):</b> </p> <p><b>General Goal(s):</b> </p>
For this exercise, your job is to test several passwords on <a href="https://howsecureismypassword.net/" target="_blank">https://howsecureismypassword.net/</a> For this exercise, your job is to test several passwords on <a href="https://howsecureismypassword.net/" target="_blank">https://howsecureismypassword.net/</a>