Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.

Moved the lessons concerning client side validation to client side category
This commit is contained in:
Nanne Baars
2017-06-13 03:22:19 +02:00
parent 09d8fef50e
commit b048988d2f
11 changed files with 165 additions and 87 deletions

@ -0,0 +1,14 @@
=== Mitigation
In this simple example you noticed that the price is calculated server side and send to the server. The server
accepted the input as a given and did not calculate the price again. One of the mitigations in this case is to look up
the price of the television in your database and calculate the total price again.
In a real application you should never rely on client side validation it is important to verify all the input
send by the client. Always remember: **NEVER TRUST INPUT SEND BY A CLIENT.**
''''
==== References
https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
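
Review bot: the opening sentence of the Mitigation text says the price is "calculated server side and send to the server", which contradicts the following sentence stating that the server did not calculate the price again; it should read "calculated client side and sent to the server". While editing, change "send" to "sent" in all three places (including the bold warning), and split the run-on "you should never rely on client side validation it is important to verify" into two sentences. It would also help to say explicitly that the server should ignore any client-supplied price or total and derive the total only from the database price and the submitted quantity, since "calculate the total price again" leaves open which inputs are still taken from the request.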