Create directories ru/en/de and copy there plans of lessons. In ru-directory i put english files for translate them in future.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@421 4033779f-a91e-0410-96ef-6bf7bf53c507
2011-05-22 11:22:28 +00:00
parent 77a6dd70a1
commit b22a537130
144 changed files with 2649 additions and 0 deletions
--- a/webgoat/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html
+++ b/webgoat/src/main/webapp/lesson_plans/ru/WeakAuthenticationCookie.html
@ -0,0 +1,12 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> How to Spoof an Authentication Cookie </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+
+Many applications will automatically log a user into their site if the right authentication cookie is specified. &nbsp; Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. &nbsp;Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. &nbsp;Some times the cookies maybe intercepted using Cross site scripting. &nbsp;This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.<br>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+ The user should be able to bypass the authentication check.
+Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
+<!-- Stop Instructions -->