Miscellaneous bug fixes

divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507

main/project/WebContent/lesson_plans/ClientSideValidation.html

@@ -0,0 +1,15 @@
+<div align="Center">
+<p><b>Lesson Plan Title: </b>Insecure Client Storage</p>
+</div>
+<p><b>Concept / Topic To Teach:</b> </p>
+<!-- Start Instructions -->
+It is always a good practice to validate all input on the server side.  Leaving the
+mechanism for validation on the client side leaves it vulnerable to reverse
+engineering.  Remember, anything on the client side should not be
+considered a secret.
+<!-- Stop Instructions -->
+<p><b>General Goal(s):</b> </p>
+For this exercise, your mission is to discover a coupon code to receive an unintended
+discount.  Then, exploit the use of client side validation to submit an order with a
+cost of zero.
+