dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lots of wording changes and HTML fixes.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@373 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
soylentmean 2009-01-06 21:06:42 +00:00
parent 8a372baa01
commit b8c1d13e50
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
View File

@ -140,7 +140,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
String stage = getStage(s); String stage = getStage(s);
if (STAGE1.equals(stage)) if (STAGE1.equals(stage))
{ {
instructions = "Stage 1: Bypass Presentational Layer Access Control.<br>" instructions = "Stage 1: Bypass Presentational Layer Access Control.<br />"
+ "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. " + "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. "
+ "Verify that Tom's profile can be deleted. " + "Verify that Tom's profile can be deleted. "
+ "The passwords for users are their given names in lowercase (e.g. the password for Tom Cat is \"tom\")."; + "The passwords for users are their given names in lowercase (e.g. the password for Tom Cat is \"tom\").";
@ -148,22 +148,22 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
else if (STAGE2.equals(stage)) else if (STAGE2.equals(stage))
{ {
instructions = "Stage 2: Add Business Layer Access Control.<br><br />" instructions = "Stage 2: Add Business Layer Access Control.<br><br />"
+ "<b><font color=blue> THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT</font></b><br/><br/>" + "<b><font color=\"blue\"> THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT</font></b><br /><br />"
+ "Implement a fix to deny unauthorized access to the Delete function. " + "Implement a fix to deny unauthorized access to the Delete function. "
+ "Repeat stage 1. Verify that access to Delete is properly denied.<br/>" + "To do this, you will have to alter the WebGoat code. "
+ "To do this you have to alter code."; + "Once you have done this, repeat stage 1 and verify that access to DeleteProfile functionality is properly denied.";
} }
else if (STAGE3.equals(stage)) else if (STAGE3.equals(stage))
{ {
instructions = "Stage 3: Breaking Data Layer Access Control.<br>" instructions = "Stage 3: Breaking Data Layer Access Control.<br />"
+ "As regular employee 'Tom', exploit weak access control to View another employee's profile. Verify the access."; + "As regular employee 'Tom', exploit weak access control to View another employee's profile. Verify the access.";
} }
else if (STAGE4.equals(stage)) else if (STAGE4.equals(stage))
{ {
instructions = "Stage 4: Add Data Layer Access Control.<br><br />" instructions = "Stage 4: Add Data Layer Access Control.<br><br />"
+ "<b><font color=blue> THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT</font></b><br/><br/>" + "<b><font color=\"blue\"> THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT</font></b><br /><br />"
+ "Implement a fix to deny unauthorized access to this data. " + "Implement a fix to deny unauthorized access to this data. "
+ "Repeat stage 3. Verify that access to other employee's profiles is properly denied."; + "Once you have done this, repeat stage 3, and verify that access to other employee's profiles is properly denied.";
} }
} }