Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@214 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java

@@ -499,7 +499,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
     }
 
 
-    public String getHtml(WebSession s)
+    public String getHtml_DELETE_ME(WebSession s)
     {
 	String html = null;
 
@@ -561,7 +561,6 @@ public abstract class AbstractLesson extends Screen implements Comparable
 
     public String getSolution(WebSession s)
     {
-	String source = null;
 	String src = null;
 
 	try
@@ -587,8 +586,6 @@ public abstract class AbstractLesson extends Screen implements Comparable
 	html.addElement(head);
 	html.addElement(body);
 
-	source = html.toString();
-
 	return src;
     }
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java

@@ -126,7 +126,7 @@ public class AccessControlMatrix extends LessonAdapter
 
     protected Category getDefaultCategory()
     {
-    	return Category.A2;
+    	return Category.ACCESS_CONTROL;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java

@@ -268,7 +268,7 @@ public class BackDoors extends SequentialLessonAdapter
 
 	protected Category getDefaultCategory()
 	{
-		return Category.A6;
+		return Category.INJECTION;
 	}
 
 	protected Integer getDefaultRanking()
@@ -278,6 +278,6 @@ public class BackDoors extends SequentialLessonAdapter
 
 	public String getTitle()
 	{
-		return ("How to Use Database Backdoors ");
+		return ("Database Backdoors ");
 	}
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java

@@ -205,12 +205,11 @@ public class BasicAuthentication extends SequentialLessonAdapter
 		    getLessonTracker(s, BASIC).store(s, this, BASIC);
 		}
 
-		s
+		s.setMessage("Congratulations, you have figured out the mechanics of basic authentication.");
-			.setMessage("Congratulations, you have figured out the mechanics of basic authentication.");
+		s.setMessage("  - Now you must try to make WebGoat reauthenticate you as:  ");
-		s
-			.setMessage("  - Now you must try to make WebGoat reauthenticate you as:  ");
 		s.setMessage("    - username:  basic");
 		s.setMessage("    - password:  basic");
+		s.setMessage("Use the Basic Authentication Menu to start at login page.");
 
 		// If the auth header is different but still the original user - tell the user
 		// that the original cookie was posted bak and basic auth uses the cookie before the
@@ -261,7 +260,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
     protected Category getDefaultCategory()
     {
 
-	return Category.A3;
+	return Category.AUTHENTICATION;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java

@@ -145,7 +145,7 @@ public class BlindSqlInjection extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
     /**
@@ -298,7 +298,7 @@ public class BlindSqlInjection extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Perform Blind SQL Injection");
+	return ("Blind SQL Injection");
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java

@@ -64,7 +64,7 @@ public class BufferOverflow extends LessonAdapter
     protected Category getDefaultCategory()
     {
 
-	return Category.A5;
+	return Category.BUFFER_OVERFLOW;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java

@@ -278,7 +278,7 @@ public class CSRF extends LessonAdapter {
 
 	@Override	
 	protected Category getDefaultCategory() {
-		return Category.A2;
+		return Category.ACCESS_CONTROL;
 	}
 
 	private final static Integer DEFAULT_RANKING = new Integer(120);
@@ -308,7 +308,7 @@ public class CSRF extends LessonAdapter {
 	 */
 	public String getTitle()
 	{
-		return ( "How to Perform Cross Site Request Forgery (CSRF)" );
+		return ( "Cross Site Request Forgery (CSRF)" );
 	}
 
 	private static String getNameroot( String name )

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java

@@ -39,53 +39,39 @@ import java.util.List;
 public class Category implements Comparable
 {
 
-    public final static Category A1 = new Category("Unvalidated Parameters",
+	public final static Category UNVALIDATED_PARAMETERS = new Category("Unvalidated Parameters", new Integer(110));
-	    new Integer(110));
 
-    public final static Category A2 = new Category("Broken Access Control",
+	public final static Category ACCESS_CONTROL = new Category("Access Control Flaws", new Integer(210));
-	    new Integer(210));
 
-    public final static Category A3 = new Category(
+	public final static Category AUTHENTICATION = new Category("Authentication Flaws", new Integer(310));
-	    "Broken Authentication and Session Management", new Integer(310));
 
-    public final static Category A4 = new Category(
+	public final static Category SESSION_MANAGEMENT = new Category("Session Management Flaws", new Integer(320));
-	    "Cross-Site Scripting (XSS)", new Integer(410));
 
-    public final static Category A5 = new Category("Buffer Overflows",
+	public final static Category XSS = new Category("Cross-Site Scripting (XSS)", new Integer(410));
-	    new Integer(510));
 
-    public final static Category A6 = new Category("Injection Flaws",
+	public final static Category BUFFER_OVERFLOW = new Category("Buffer Overflows", new Integer(510));
-	    new Integer(610));
 
-    public final static Category A7 = new Category("Improper Error Handling",
+	public final static Category INJECTION = new Category("Injection Flaws", new Integer(610));
-	    new Integer(710));
 
-    public final static Category A8 = new Category("Insecure Storage",
+	public final static Category ERROR_HANDLING = new Category("Improper Error Handling", new Integer(710));
-	    new Integer(810));
 
-    public final static Category A9 = new Category("Denial of Service",
+	public final static Category INSECURE_STORAGE = new Category("Insecure Storage", new Integer(810));
-	    new Integer(910));
 
-    public final static Category A10 = new Category(
+	public final static Category DOS = new Category("Denial of Service", new Integer(910));
-    	    "Insecure Configuration Management", new Integer(1010));
 
-    public final static Category WEB_SERVICES = new Category("Web Services",
+	public final static Category INSECURE_CONFIGURATION = new Category("Insecure Configuration", new Integer(1010));
-	    new Integer(1110));
 
-    public final static Category AJAX_SECURITY = new Category("AJAX Security",
+	public final static Category WEB_SERVICES = new Category("Web Services", new Integer(1110));
-	    new Integer(1150));
 
-    public final static Category ADMIN_FUNCTIONS = new Category(
+	public final static Category AJAX_SECURITY = new Category("AJAX Security", new Integer(1150));
-	    "Admin Functions", new Integer(10));
 
-    public final static Category GENERAL = new Category("General", new Integer(
+	public final static Category ADMIN_FUNCTIONS = new Category("Admin Functions", new Integer(10));
-	    50));
 
-    public final static Category CODE_QUALITY = new Category("Code Quality",
+	public final static Category GENERAL = new Category("General", new Integer(50));
-	    new Integer(70));
 
-    public final static Category CHALLENGE = new Category("Challenge",
+	public final static Category CODE_QUALITY = new Category("Code Quality", new Integer(70));
-	    new Integer(2000));
+
+	public final static Category CHALLENGE = new Category("Challenge", new Integer(2000));
 
 	private static final List<Category> categories = new ArrayList<Category>();
 
@@ -93,17 +79,19 @@ public class Category implements Comparable
 
 	private Integer ranking;
 
-    static {
+	static
-		categories.add(A1);
+	{
-		categories.add(A2);
+		categories.add(UNVALIDATED_PARAMETERS);
-		categories.add(A3);
+		categories.add(ACCESS_CONTROL);
-		categories.add(A4);
+		categories.add(AUTHENTICATION);
-		categories.add(A5);
+		categories.add(SESSION_MANAGEMENT);
-		categories.add(A6);
+		categories.add(XSS);
-		categories.add(A7);
+		categories.add(BUFFER_OVERFLOW);
-		categories.add(A8);
+		categories.add(INJECTION);
-		categories.add(A9);
+		categories.add(ERROR_HANDLING);
-		categories.add(A10);
+		categories.add(INSECURE_STORAGE);
+		categories.add(DOS);
+		categories.add(INSECURE_CONFIGURATION);
 		categories.add(WEB_SERVICES);
 		categories.add(AJAX_SECURITY);
 		categories.add(ADMIN_FUNCTIONS);
@@ -112,16 +100,18 @@ public class Category implements Comparable
 		categories.add(CHALLENGE);
 	}
 
-    public static synchronized void addCategory(Category c) {
+	public static synchronized void addCategory(Category c)
+	{
 		categories.add(c);
 	}
 
-    public static synchronized Category getCategory(String name) {
+	public static synchronized Category getCategory(String name)
+	{
 		Iterator<Category> it = categories.iterator();
-    	while (it.hasNext()) {
+		while (it.hasNext())
+		{
 			Category c = it.next();
-    		if (c.getName().equals(name))
+			if (c.getName().equals(name)) return c;
-    			return c;
 		}
 		return null;
 	}
@@ -144,31 +134,26 @@ public class Category implements Comparable
 		return value;
 	}
 
-
 	public Integer getRanking()
 	{
 		return ranking;
 	}
 
-
 	public Integer setRanking(Integer ranking)
 	{
 		return this.ranking = ranking;
 	}
 
-
 	public String getName()
 	{
 		return category;
 	}
 
-
 	public boolean equals(Object obj)
 	{
 		return (obj instanceof Category) && getName().equals(((Category) obj).getName());
 	}
 
-
 	public String toString()
 	{
 		return getName();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java

@@ -294,7 +294,7 @@ public class CommandInjection extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
 
@@ -348,6 +348,6 @@ public class CommandInjection extends LessonAdapter
      */
     public String getTitle()
     {
-	return "How to Perform Command Injection";
+	return "Command Injection";
     }
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java

@@ -94,7 +94,7 @@ public class CrossSiteScripting extends GoatHillsFinancial
      */
     public Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java

@@ -88,7 +88,7 @@ public class DBCrossSiteScripting extends GoatHillsFinancial
      */
     public Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java

@@ -89,7 +89,7 @@ public class DBSQLInjection extends GoatHillsFinancial
      */
     public Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java

@@ -190,7 +190,7 @@ public class DOS_Login extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A9;
+	return Category.DOS;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java

@@ -405,7 +405,7 @@ public class Encoding extends LessonAdapter
 
 	protected Category getDefaultCategory()
 	{
-		return Category.A8;
+		return Category.INSECURE_STORAGE;
 	}
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java

@@ -133,7 +133,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
      */
     public Category getDefaultCategory()
     {
-	return Category.A7;
+	return Category.ERROR_HANDLING;
     }
 
 
@@ -183,7 +183,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
      */
     public String getTitle()
     {
-	return ("How to Bypass a Fail Open Authentication Scheme");
+	return ("Fail Open Authentication Scheme");
     }
     
     public Element getCredits()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java

@@ -107,7 +107,7 @@ public class ForcedBrowsing extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-    	return Category.A10;
+    	return Category.INSECURE_CONFIGURATION;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java

@@ -290,7 +290,7 @@ public class ForgotPassword extends LessonAdapter
     protected Category getDefaultCategory()
     {
 
-	return Category.A3;
+	return Category.AUTHENTICATION;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java

@@ -176,7 +176,7 @@ public class HiddenFieldTampering extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A1;
+	return Category.UNVALIDATED_PARAMETERS;
     }
 
 
@@ -228,7 +228,7 @@ public class HiddenFieldTampering extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Exploit Hidden Fields");
+	return ("Exploit Hidden Fields");
     }
     
     public Element getCredits()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java

@@ -250,7 +250,7 @@ public class HtmlClues extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Discover Clues in the HTML");
+	return ("Discover Clues in the HTML");
     }
     
     public Element getCredits()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java

@@ -99,6 +99,7 @@ public class HttpBasics extends LessonAdapter
 	hints.add("Type in your name and press 'go'");
 	hints.add("Turn on Show Parameters or other features");
 	hints.add("Press the Show Lesson Plan button to view a lesson summary");
+	hints.add("Press the Show Solution button to view a lesson solution");
 
 	return hints;
     }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java

@@ -149,7 +149,7 @@ public class HttpOnly extends LessonAdapter {
 	 */
 	protected Category getDefaultCategory()
 	{
-		return Category.A4;
+		return Category.XSS;
 	}
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java

@@ -100,7 +100,7 @@ public class JSONInjection extends LessonAdapter
 
 	Form form = new Form(getFormAction(), Form.POST).setName("form")
 		.setEncType("");
-	form.setOnSubmit("check();");
+	form.setOnSubmit("return check();");
 
 	form.addElement(createContent(s));
 
@@ -127,13 +127,13 @@ public class JSONInjection extends LessonAdapter
 		+ TRAVEL_FROM
 		+ "');"
 		+ lineSep
-		+ "if (fromField.value.length < 3 ) { return; }"
+		+ "if (fromField.value.length < 3 || fromField.value!='BOS') { return; }"
 		+ lineSep
 		+ "var toField = document.getElementById('"
 		+ TRAVEL_TO
 		+ "');"
 		+ lineSep
-		+ "if (toField.value.length < 3 ) { return; }"
+		+ "if (toField.value.length < 3 || toField.value!='SEA') { return; }"
 		+ lineSep
 		+ "var url = '" + getLink() 
 		+ "&from=ajax&"
@@ -183,7 +183,7 @@ public class JSONInjection extends LessonAdapter
 		+ lineSep
 		+ "				var node = card.flights[i];"
 		+ lineSep
-		+ "				strHTML = strHTML + '<tr><td><input name=\"radio' + i +'\" type=\"radio\"></td><td>';"
+		+ "				strHTML = strHTML + '<tr><td><input name=\"radio'+i+'\" type=\"radio\" id=\"radio'+i+'\"></td><td>';"
 		+ lineSep
 		+ "			    strHTML = strHTML + card.flights[i].stops + '</td><td>';"
 		+ lineSep
@@ -205,13 +205,13 @@ public class JSONInjection extends LessonAdapter
 		+ lineSep
 		+ " if ( document.getElementById('radio0').checked  )"
 		+ lineSep
-		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerText; }"
+		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}"
 		+ lineSep
 		+ " else if ( document.getElementById('radio1').checked  )"
 		+ lineSep
-		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerText; }"
+		+ " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}"
 		+ lineSep + " else " + lineSep
-		+ " { alert('Please choose one flight'); }" + lineSep + "}"
+		+ " { alert('Please choose one flight'); return false;}" + lineSep + "}"
 		+ lineSep + "</script>" + lineSep;
 	ec.addElement(new StringElement(script));
 	Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0)
@@ -222,6 +222,7 @@ public class JSONInjection extends LessonAdapter
 	tr.addElement(new TD("From: "));
 	Input in = new Input(Input.TEXT, TRAVEL_FROM, "");
 	in.addAttribute("onkeyup", "getFlights();");
+	in.addAttribute("id", TRAVEL_FROM);
 	tr.addElement(new TD(in));
 
 	t1.addElement(tr);
@@ -230,6 +231,7 @@ public class JSONInjection extends LessonAdapter
 	tr.addElement(new TD("To: "));
 	in = new Input(Input.TEXT, TRAVEL_TO, "");
 	in.addAttribute("onkeyup", "getFlights();");
+	in.addAttribute("id", TRAVEL_TO);
 	tr.addElement(new TD(in));
 
 	t1.addElement(tr);
@@ -251,12 +253,13 @@ public class JSONInjection extends LessonAdapter
 	Input price2Submit = new Input();
 	price2Submit.setType(Input.HIDDEN);
 	price2Submit.setName("price2Submit");
+	price2Submit.setValue("");
+	price2Submit.addAttribute("id", "price2Submit");
 	ec.addElement(price2Submit);
 	if (s.getParser().getRawParameter("radio0", "").equals("on"))
 	{
 	    String price = s.getParser().getRawParameter("price2Submit", "");
 	    price = price.replace("$", "");
-
 	    if (Integer.parseInt(price) < 600)
 	    {
 		makeSuccess(s);
@@ -272,7 +275,7 @@ public class JSONInjection extends LessonAdapter
 
     public Element getCredits()
     {
-	return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+	return super.getCustomCredits("Created by Sherif Koussa", MAC_LOGO);
     }
 
     protected Category getDefaultCategory()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java

@@ -270,7 +270,7 @@ public class JavaScriptValidation extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A1;
+	return Category.UNVALIDATED_PARAMETERS;
     }
 
 
@@ -323,7 +323,7 @@ public class JavaScriptValidation extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Bypass Client Side JavaScript Validation");
+	return ("Bypass Client Side JavaScript Validation");
     }
     
     public Element getCredits()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java

@@ -156,14 +156,14 @@ public class LogSpoofing extends LessonAdapter
     @Override
     public String getTitle()
     {
-	return "How to Perform Log Spoofing";
+	return "Log Spoofing";
     }
 
 
     @Override
     protected Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java

@@ -79,7 +79,7 @@ public class NewLesson extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to add a new WebGoat lesson");
+	return ("Create a WebGoat Lesson");
     }
     
     public Element getCredits()

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java

@@ -55,11 +55,11 @@ public class PathBasedAccessControl extends LessonAdapter
 
 	private final static String FILE = "File";
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s  Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
 	 */
 	protected Element createContent(WebSession s)
@@ -71,8 +71,7 @@ public class PathBasedAccessControl extends LessonAdapter
 			String dir = s.getContext().getRealPath("/lesson_plans");
 			File d = new File(dir);
 
-	    Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth(
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");
-		    "90%").setAlign("center");
 
 			if (s.isColor())
 			{
@@ -80,50 +79,45 @@ public class PathBasedAccessControl extends LessonAdapter
 			}
 
 			String[] list = d.list();
-	    String listing = " <p><B>Current Directory is:</B> "
+			String listing = " <p><B>Current Directory is:</B> " + Encoding.urlDecode(dir)
-		    + Encoding.urlDecode(dir)
 					+ "<br><br> Choose the file to view:</p>";
 
 			TR tr = new TR();
-	    tr.addElement(new TD().setColSpan(2).addElement(
+			tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
-		    new StringElement(listing)));
 			t.addElement(tr);
 
 			tr = new TR();
-	    tr.addElement(new TD().setWidth("35%").addElement(
+			tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
-		    ECSFactory.makePulldown(FILE, list, "", 15)));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("View File")));
-	    tr.addElement(new TD().addElement(ECSFactory
-		    .makeButton("View File")));
 			t.addElement(tr);
 
 			ec.addElement(t);
 
-	    // FIXME: would be cool to allow encodings here -- hex, percent, url, etc...
+			// FIXME: would be cool to allow encodings here -- hex, percent,
+			// url, etc...
 			String file = s.getParser().getRawParameter(FILE, "");
 
 			// defuse file searching
 			boolean illegalCommand = getWebgoatContext().isDefuseOSCommands();
 			if (getWebgoatContext().isDefuseOSCommands())
 			{
-		// allow them to look at any file in the webgoat hierachy.  Don't allow them
+				// allow them to look at any file in the webgoat hierachy. Don't
-		// to look about the webgoat root, except to see the LICENSE file
+				// allow them
+				// to look about the webgoat root, except to see the LICENSE
+				// file
 				if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
 				{
 					s.setMessage("Access denied");
-		    s
+					s.setMessage("It appears that you are on the right track.  "
-			    .setMessage("It appears that you are on the right track.  "
 							+ "Commands that may compromise the operating system have been disabled.  "
-				    + "You are only allowed to see one file in this directory. ");;
+							+ "You are only allowed to see one file in this directory. ");
-		}
+				} else if (upDirCount(file) > 3)
-		else if (upDirCount(file) > 3)
 				{
 					s.setMessage("Access denied");
-		    s
+					s.setMessage("It appears that you are on the right track.  "
-			    .setMessage("It appears that you are on the right track.  "
 							+ "Commands that may compromise the operating system have been disabled.  "
 							+ "You are only allowed to see files in the webgoat directory. ");
-		}
+				} else
-		else
 				{
 					illegalCommand = false;
 				}
@@ -132,7 +126,9 @@ public class PathBasedAccessControl extends LessonAdapter
 			// Using the URI supports encoding of the data.
 			// We could force the user to use encoded '/'s == %2f to make the lesson more difficult.
 			// We url Encode our dir name to avoid problems with special characters in our own path.
-	    //File f = new File( new URI("file:///" + Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" + file.replaceAll("\\\\","/")) );
+			// File f = new File( new URI("file:///" +
+			// Encoding.urlEncode(dir).replaceAll("\\\\","/") + "/" +
+			// file.replaceAll("\\\\","/")) );
 			File f = new File((dir + "\\" + file).replaceAll("\\\\", "/"));
 
 			if (s.isDebug())
@@ -140,7 +136,9 @@ public class PathBasedAccessControl extends LessonAdapter
 
 				s.setMessage("File: " + file);
 				s.setMessage("Dir: " + dir);
-		//s.setMessage("File URI: " + "file:///" + (Encoding.urlEncode(dir) + "\\" + Encoding.urlEncode(file)).replaceAll("\\\\","/"));
+				// s.setMessage("File URI: " + "file:///" +
+				// (Encoding.urlEncode(dir) + "\\" +
+				// Encoding.urlEncode(file)).replaceAll("\\\\","/"));
 				s.setMessage("  - isFile(): " + f.isFile());
 				s.setMessage("  - exists(): " + f.exists());
 			}
@@ -153,25 +151,18 @@ public class PathBasedAccessControl extends LessonAdapter
 					if (upDirCount(file) >= 1)
 					{
 						s.setMessage("Congratulations! Access to file allowed");
-			s.setMessage(" ==> "
+						s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
-				+ Encoding.urlDecode(f.getCanonicalPath()));
 						makeSuccess(s);
-		    }
+					} else
-		    else
 					{
-			s
+						s.setMessage("File is already in allowed directory - try again!");
-				.setMessage("File is already in allowed directory - try again!");
+						s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
-			s.setMessage(" ==> "
-				+ Encoding.urlDecode(f.getCanonicalPath()));
 					}
-		}
+				} else if (file != null && file.length() != 0)
-		else if (file != null && file.length() != 0)
 				{
-		    s.setMessage("Access to file/directory \""
+					s.setMessage("Access to file/directory \"" + Encoding.urlDecode(f.getCanonicalPath())
-			    + Encoding.urlDecode(f.getCanonicalPath())
 									+ "\" denied");
-		}
+				} else
-		else
 				{
 					// do nothing, probably entry screen
 				}
@@ -189,24 +180,21 @@ public class PathBasedAccessControl extends LessonAdapter
 					{
 						throw new Exception("File is too large");
 					}
-		    String fileData = getFileText(new BufferedReader(
+					String fileData = getFileText(new BufferedReader(new FileReader(f)), false);
-			    new FileReader(f)), false);
 					if (fileData.indexOf(0x00) != -1)
 					{
 						throw new Exception("File is binary");
 					}
-		    ec.addElement(new StringElement(fileData.replaceAll(
+					ec
-			    System.getProperty("line.separator"), "<br>")
+							.addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"),
-			    .replaceAll("(?s)<!DOCTYPE.*/head>", "")
+									"<br>").replaceAll("(?s)<!DOCTYPE.*/head>", "").replaceAll("<br><br>", "<br>")
-			    .replaceAll("<br><br>", "<br>").replaceAll(
+									.replaceAll("<br>\\s<br>", "<br>").replaceAll("<\\?", "&lt;").replaceAll(
-				    "<br>\\s<br>", "<br>").replaceAll("<\\?",
+											"<(r|u|t)", "&lt;$1")));
-				    "&lt;").replaceAll("<(r|u|t)", "&lt;$1")));
 				}
 				catch (Exception e)
 				{
 					ec.addElement(new BR());
-		    ec
+					ec.addElement("The following error occurred while accessing the file: <");
-			    .addElement("The following error occurred while accessing the file: <");
 					ec.addElement(e.getMessage());
 				}
 			}
@@ -220,7 +208,6 @@ public class PathBasedAccessControl extends LessonAdapter
 		return (ec);
 	}
 
-
 	private int upDirCount(String fileName)
 	{
 		int count = 0;
@@ -233,7 +220,6 @@ public class PathBasedAccessControl extends LessonAdapter
 		return count;
 	}
 
-
 	/**
 	 * DOCUMENT ME!
 	 * 
@@ -241,10 +227,9 @@ public class PathBasedAccessControl extends LessonAdapter
 	 */
 	protected Category getDefaultCategory()
 	{
-	return Category.A2;
+		return Category.ACCESS_CONTROL;
 	}
 
-
 	/**
 	 * Gets the hints attribute of the AccessControlScreen object
 	 * 
@@ -253,17 +238,14 @@ public class PathBasedAccessControl extends LessonAdapter
 	protected List<String> getHints(WebSession s)
 	{
 		List<String> hints = new ArrayList<String>();
-	hints
+		hints.add("Most operating systems allow special characters in the path.");
-		.add("Most operating systems allow special characters in the path.");
+		hints.add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
-	hints
-		.add("Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
 		hints.add("Try .. in the path");
 		hints.add("Try ..\\..\\..\\LICENSE");
 
 		return hints;
 	}
 
-
 	/**
 	 * Gets the instructions attribute of the WeakAccessControl object
 	 * 
@@ -271,9 +253,7 @@ public class PathBasedAccessControl extends LessonAdapter
 	 */
 	public String getInstructions(WebSession s)
 	{
-	String instructions = "The '"
+		String instructions = "The '" + s.getUserName() + "' user has access to all the files in the "
-		+ s.getUserName()
-		+ "' user has access to all the files in the "
 				+ "lesson_plans directory.  Try to break the access control mechanism and access a "
 				+ "resource that is not in the listed directory.  After selecting a file to view, WebGoat "
 				+ "will report if access to the file was granted.  An interesting file to try and obtain might "
@@ -284,13 +264,11 @@ public class PathBasedAccessControl extends LessonAdapter
 
 	private final static Integer DEFAULT_RANKING = new Integer(115);
 
-
 	protected Integer getDefaultRanking()
 	{
 		return DEFAULT_RANKING;
 	}
 
-
 	/**
 	 * Gets the title attribute of the AccessControlScreen object
 	 * 
@@ -298,6 +276,6 @@ public class PathBasedAccessControl extends LessonAdapter
 	 */
 	public String getTitle()
 	{
-    	return ("How to Bypass a Path Based Access Control Scheme");
+		return ("Bypass a Path Based Access Control Scheme");
 	}
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java

@@ -265,7 +265,7 @@ public class Phishing extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java

@@ -231,7 +231,7 @@ public class ReflectedXSS extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
 
@@ -288,7 +288,7 @@ public class ReflectedXSS extends LessonAdapter
      */
     public String getTitle()
     {
-	return "How to Perform Reflected Cross Site Scripting (XSS) Attacks";
+	return "Reflected XSS Attacks";
     }
     
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java

@@ -73,7 +73,7 @@ public class RemoteAdminFlaw extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-    	return Category.A2;
+    	return Category.ACCESS_CONTROL;
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java

@@ -87,7 +87,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
      */
     public Category getDefaultCategory()
     {
-	return Category.A2;
+	return Category.ACCESS_CONTROL;
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java

@@ -91,7 +91,7 @@ public class SQLInjection extends GoatHillsFinancial
      */
     public Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
     /**

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java

@@ -161,7 +161,7 @@ public class SilentTransactions extends LessonAdapter
 		+ lineSep
 		+ "}"
 		+ lineSep
-		+ " var balanceValue = document.getElementById('balanceID').innerText;"
+		+ " var balanceValue = document.getElementById('balanceID').innerHTML;"
 		+ lineSep
 		+ " balanceValue = balanceValue.replace( new RegExp('$') , '');"
 		+ lineSep
@@ -183,7 +183,7 @@ public class SilentTransactions extends LessonAdapter
 		+ lineSep
 		+ "balanceValue = balanceValue.toFixed(2);"
 		+ lineSep
-		+ "document.getElementById('balanceID').innerText = balanceValue + '$';"
+		+ "document.getElementById('balanceID').innerHTML = balanceValue + '$';"
 		+ lineSep
 		+ "}"
 		+ lineSep
@@ -225,6 +225,7 @@ public class SilentTransactions extends LessonAdapter
 	tr = new TR();
 	tr.addElement(new TD(new StringElement("Transfer to Account:")));
 	Input newAccount = new Input();
+	newAccount.addAttribute("id", "newAccount");
 	newAccount.setType(Input.TEXT);
 	newAccount.setName("newAccount");
 	newAccount.setValue("");
@@ -234,6 +235,7 @@ public class SilentTransactions extends LessonAdapter
 	tr = new TR();
 	tr.addElement(new TD(new StringElement("Transfer Amount:")));
 	Input amount = new Input();
+	amount.addAttribute("id", "amount");
 	amount.setType(Input.TEXT);
 	amount.setName("amount");
 	amount.setValue(0);
@@ -248,6 +250,7 @@ public class SilentTransactions extends LessonAdapter
 	Input b = new Input();
 	b.setType(Input.BUTTON);
 	b.setName("confirm");
+	b.addAttribute("id", "confirm");
 	b.setValue("Confirm");
 	b.setOnClick("processData();");
 	ec.addElement(b);

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java

@@ -173,7 +173,7 @@ public class SoapRequest extends SequentialLessonAdapter
 
     public String getTitle()
     {
-	return "How to Create a SOAP Request";
+	return "Create a SOAP Request";
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java

@@ -333,7 +333,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
 
@@ -374,7 +374,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Perform Numeric SQL Injection");
+	return ("Numeric SQL Injection");
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java

@@ -249,7 +249,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A6;
+	return Category.INJECTION;
     }
 
 
@@ -290,7 +290,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Perform String SQL Injection");
+	return ("String SQL Injection");
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java

@@ -151,7 +151,7 @@ public class StoredXss extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
 
@@ -190,7 +190,7 @@ public class StoredXss extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Perform Stored Cross Site Scripting (XSS)");
+	return ("Stored XSS Attacks");
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java

@@ -191,7 +191,7 @@ public class ThreadSafetyProblem extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Exploit Thread Safety Problems");
+	return ("Thread Safety Problems");
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java

@@ -233,7 +233,7 @@ public class TraceXSS extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A4;
+	return Category.XSS;
     }
 
 
@@ -281,6 +281,6 @@ public class TraceXSS extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Perform Cross Site Tracing (XST) Attacks");
+	return ("Cross Site Tracing (XST) Attacks");
     }
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java

@@ -204,7 +204,7 @@ public class UncheckedEmail extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A1;
+	return Category.UNVALIDATED_PARAMETERS;
     }
 
 
@@ -257,7 +257,7 @@ public class UncheckedEmail extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Exploit Unchecked Email");
+	return ("Exploit Unchecked Email");
     }
 
 }

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java

@@ -52,7 +52,8 @@ import org.owasp.webgoat.session.*;
  */
 public class WeakAuthenticationCookie extends LessonAdapter
 {
-	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
+	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(
+			new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
 
 	/**
 	 * Description of the Field
@@ -74,13 +75,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
 	 */
 	protected final static String USERNAME = "Username";
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s              Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
-     * @exception  Exception  Description of the Exception
+	 * @exception Exception
+	 *                Description of the Exception
 	 */
 	protected String checkCookie(WebSession s) throws Exception
 	{
@@ -102,8 +104,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
 			{
 				makeSuccess(s);
 				return ("alice");
-	    }
+			} else
-	    else
 			{
 				s.setMessage("Invalid cookie");
 				s.eatCookies();
@@ -113,13 +114,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		return (null);
 	}
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s              Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
-     * @exception  Exception  Description of the Exception
+	 * @exception Exception
+	 *                Description of the Exception
 	 */
 	protected String checkParams(WebSession s) throws Exception
 	{
@@ -133,8 +135,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
 			if (username.equals("webgoat") && password.equals("webgoat"))
 			{
 				loginID = encode("webgoat12345");
-	    }
+			} else if (username.equals("aspect") && password.equals("aspect"))
-	    else if (username.equals("aspect") && password.equals("aspect"))
 			{
 				loginID = encode("aspect12345");
 			}
@@ -146,8 +147,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
 				s.getResponse().addCookie(newCookie);
 
 				return (username);
-	    }
+			} else
-	    else
 			{
 				s.setMessage("Invalid username and password entered.");
 			}
@@ -156,11 +156,11 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		return (null);
 	}
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s  Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
 	 */
 	protected Element createContent(WebSession s)
@@ -200,16 +200,16 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		return (makeLogin(s));
 	}
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  value  Description of the Parameter
+	 * @param value
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
 	 */
 	private String encode(String value)
 	{
-	//<START_OMIT_SOURCE>
+		// <START_OMIT_SOURCE>
 		StringBuffer encoded = new StringBuffer();
 
 		for (int i = 0; i < value.length(); i++)
@@ -218,10 +218,9 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		}
 
 		return encoded.reverse().toString();
-	//<END_OMIT_SOURCE>
+		// <END_OMIT_SOURCE>
 	}
 
-
 	/**
 	 * Gets the category attribute of the WeakAuthenticationCookie object
 	 * 
@@ -229,14 +228,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
 	 */
 	protected Category getDefaultCategory()
 	{
-	return Category.A3;
+		return Category.AUTHENTICATION;
 	}
 
-
 	/**
 	 * Gets the cookie attribute of the CookieScreen object
 	 * 
-     * @param  s  Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return The cookie value
 	 */
 	protected String getCookie(WebSession s)
@@ -254,7 +253,6 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		return (null);
 	}
 
-
 	/**
 	 * Gets the hints attribute of the CookieScreen object
 	 * 
@@ -263,17 +261,16 @@ public class WeakAuthenticationCookie extends LessonAdapter
 	protected List<String> getHints(WebSession s)
 	{
 		List<String> hints = new ArrayList<String>();
-	hints
+		hints.add("The server authenticates the user using a cookie, if you send the right cookie.");
-		.add("The server skips authentication if you send the right cookie.");
+		hints.add("Is the AuthCookie value guessable knowing the username and password?");
-	hints
+		hints.add("Add 'AuthCookie=********;' to the Cookie: header using "
-		.add("Is the AuthCookie value guessable knowing the username and password?");
+				+ "<A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.");
-	hints
+		hints.add("After logging in as webgoat a cookie is added. 65432ubphcfx<br/>" +
-		.add("Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.");
+				  "After logging in as aspect a cookie is added. 65432udfqtb<br/>" +
-
+				  "Is there anything similar about the cookies and the login names?");
 		return hints;
 	}
 
-
 	/**
 	 * Gets the instructions attribute of the WeakAuthenticationCookie object
 	 * 
@@ -288,13 +285,11 @@ public class WeakAuthenticationCookie extends LessonAdapter
 
 	private final static Integer DEFAULT_RANKING = new Integer(90);
 
-
 	protected Integer getDefaultRanking()
 	{
 		return DEFAULT_RANKING;
 	}
 
-
 	/**
 	 * Gets the title attribute of the CookieScreen object
 	 * 
@@ -302,14 +297,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
 	 */
 	public String getTitle()
 	{
-	return ("How to Spoof an Authentication Cookie");
+		return ("Spoof an Authentication Cookie");
 	}
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s  Description of the Parameter
+	 * @param s
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
 	 */
 	protected Element makeLogin(WebSession s)
@@ -317,8 +312,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		ElementContainer ec = new ElementContainer();
 
 		ec.addElement(new H1().addElement("Sign In "));
-	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
-		.setWidth("90%").setAlign("center");
 
 		if (s.isColor())
 		{
@@ -326,11 +320,9 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		}
 
 		TR tr = new TR();
-	tr
+		tr.addElement(new TH().addElement(
-		.addElement(new TH()
+				"Please sign in to your account.  See the OWASP admin if you do not have an account.").setColSpan(2)
-			.addElement(
+				.setAlign("left"));
-				"Please sign in to your account.  See the OWASP admin if you do not have an account.")
-			.setColSpan(2).setAlign("left"));
 		t.addElement(tr);
 
 		tr = new TR();
@@ -360,27 +352,26 @@ public class WeakAuthenticationCookie extends LessonAdapter
 		return (ec);
 	}
 
-
 	/**
 	 * Description of the Method
 	 * 
-     * @param  s              Description of the Parameter
+	 * @param s
-     * @param  user           Description of the Parameter
+	 *            Description of the Parameter
-     * @param  method         Description of the Parameter
+	 * @param user
+	 *            Description of the Parameter
+	 * @param method
+	 *            Description of the Parameter
 	 * @return Description of the Return Value
-     * @exception  Exception  Description of the Exception
+	 * @exception Exception
+	 *                Description of the Exception
 	 */
-    protected Element makeUser(WebSession s, String user, String method)
+	protected Element makeUser(WebSession s, String user, String method) throws Exception
-	    throws Exception
 	{
 		ElementContainer ec = new ElementContainer();
 		ec.addElement(new P().addElement("Welcome, " + user));
-	ec.addElement(new P().addElement("You have been authenticated with "
+		ec.addElement(new P().addElement("You have been authenticated with " + method));
-		+ method));
+		ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true)));
-	ec.addElement(new P().addElement(ECSFactory.makeLink("Logout", LOGOUT,
+		ec.addElement(new P().addElement(ECSFactory.makeLink("Refresh", "", "")));
-		true)));
-	ec.addElement(new P()
-		.addElement(ECSFactory.makeLink("Refresh", "", "")));
 
 		return (ec);
 	}

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java

@@ -90,7 +90,7 @@ public class WeakSessionID extends LessonAdapter
     }
 
 
-    protected String newCookie()
+    protected String newCookie(WebSession s)
     {
 	long now = System.currentTimeMillis();
 	seq++;
@@ -98,6 +98,7 @@ public class WeakSessionID extends LessonAdapter
 	{
 	    String target = encode(seq++, lastTime + (now - lastTime) / 2);
 	    sessionList.add(target);
+	    s.setMessage(target);
 	    if (sessionList.size() > 100)
 		sessionList.remove(0);
 	}
@@ -149,7 +150,7 @@ public class WeakSessionID extends LessonAdapter
      */
     protected Category getDefaultCategory()
     {
-	return Category.A3;
+	return Category.SESSION_MANAGEMENT;
     }
 
 
@@ -161,12 +162,11 @@ public class WeakSessionID extends LessonAdapter
     protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
-	hints
+	hints.add("The server skips authentication if you send the right cookie.");
-		.add("The server skips authentication if you send the right cookie.");
+	hints.add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
-	hints
-		.add("Is the cookie value predictable? Can you see gaps where someone else has acquired a cookie?");
 	hints.add("Try harder, you brute!");
-
+	hints.add("The first part of the cookie is a sequential number, the second part is milliseconds.");
+	hints.add("After the 29th try, the skipped identifier is printed to your screen. Use that to login.");
 	return hints;
     }
 
@@ -186,7 +186,7 @@ public class WeakSessionID extends LessonAdapter
      */
     public String getTitle()
     {
-	return ("How to Hijack a Session");
+	return ("Hijack a Session");
     }
 
 
@@ -204,7 +204,7 @@ public class WeakSessionID extends LessonAdapter
 
 	if (weakid == null)
 	{
-	    weakid = newCookie();
+	    weakid = newCookie(s);
 	    Cookie cookie = new Cookie(SESSIONID, weakid);
 	    s.getResponse().addCookie(cookie);
 	}

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java

@@ -107,10 +107,10 @@ public class XMLInjection extends LessonAdapter
 		{
 		    String lineSep = System.getProperty("line.separator");
 		    String xmlStr = "<root>" + lineSep
-			    + "<reward>WebGoat t-shirt 20 Pts</reward>"
+			    + "<reward>WebGoat Mug 20 Pts</reward>"
 			    + lineSep
-			    + "<reward>WebGoat Secure Kettle 50 Pts</reward>"
+			    + "<reward>WebGoat t-shirt 50 Pts</reward>"
-			    + lineSep + "<reward>WebGoat Mug 30 Pts</reward>"
+			    + lineSep + "<reward>WebGoat Secure Kettle 30 Pts</reward>"
 			    + lineSep + "</root>";
 		    s.getResponse().setContentType("text/xml");
 		    s.getResponse().setHeader("Cache-Control", "no-cache");
@@ -188,7 +188,7 @@ public class XMLInjection extends LessonAdapter
 		+ lineSep
 		+ "        if (req.status == 200) { "
 		+ lineSep
-		+ "            var rewards = req.responseXML.getElementsByTagName('root')[0];"
+		+ "            var rewards = req.responseXML.getElementsByTagName('reward');"
 		+ lineSep
 		+ "			 var rewardsDiv = document.getElementById('rewardsDiv');"
 		+ lineSep
@@ -198,13 +198,13 @@ public class XMLInjection extends LessonAdapter
 		+ lineSep
 		+ "				strHTML = '<tr><td>&nbsp;</td><td><b>Rewards</b></td></tr>';"
 		+ lineSep
-		+ "			 for(var i=0; i< rewards.childNodes.length; i++){"
+		+ "			 for(var i=0; i< rewards.length; i++){"
-		+ lineSep
+		//+ lineSep
-		+ "				var node = rewards.childNodes[i];"
+		//+ "				var node = rewards.childNodes[i+1];"
 		+ lineSep
 		+ "				strHTML = strHTML + '<tr><td><input name=\"check' + (i+1001) +'\" type=\"checkbox\"></td><td>';"
 		+ lineSep
-		+ "			    strHTML = strHTML + node.childNodes[0].nodeValue + '</td></tr>';"
+		+ "			    strHTML = strHTML + rewards[i].firstChild.nodeValue + '</td></tr>';"
 		+ lineSep
 		+ "			 }"
 		+ lineSep
@@ -254,7 +254,7 @@ public class XMLInjection extends LessonAdapter
 
 	Input input1 = new Input(Input.TEXT, ACCOUNTID, "");
 	input1.addAttribute("onkeyup", "getRewards();");
-
+	input1.addAttribute("id", ACCOUNTID);
 	tr.addElement(new TD(input1));
 	t1.addElement(tr);
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java

@@ -224,7 +224,7 @@ public class XPATHInjection extends LessonAdapter
     protected Category getDefaultCategory()
     {
 
-	return Category.A6;
+	return Category.INJECTION;
     }
 
 
@@ -259,7 +259,7 @@ public class XPATHInjection extends LessonAdapter
     public String getTitle()
     {
 
-	return "How to Perform XPATH Injection";
+	return "XPATH Injection";
     }
 
 }

webgoat/main/project/WebContent/css/menu.css

@@ -5,3 +5,7 @@
 .pviimenudiv a:visited {color: #0066FF; text-decoration: underline}
 .pviimenudiv a:hover {color: red; text-decoration: underline}
 .pviimenudiv a:active {color: #0066FF; text-decoration: underline}
+.pviimenudivstage a:link {color: #333333; font-size: 9px; display: block; margin-left: 2em; }
+.pviimenudivstage a:visited {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:hover {color: red; font-size: 9px;  display: block; margin-left: 2em; }
+.pviimenudivstage a:active {color: #0066FF; font-size: 9px;  display: block; margin-left: 2em; }

webgoat/main/project/WebContent/main.jsp

@@ -100,7 +100,7 @@ StringBuffer buildList = new StringBuffer();
 					String[] stages = rla.getStages();
 					for (int i=0; i<stages.length; i++) {
 	    		%>
-			    		<tr><td><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i+1) %>">Stage <%=i+1%>: <%=stages[i] %></a>
+			    		<tr><td class="pviimenudivstage"><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i+1) %>">Stage <%=i+1%>: <%=stages[i] %></a>
 						</td></tr>
 				<% 
 					}

webgoat/main/project/WebContent/webgoat.jsp

@@ -1,103 +1,124 @@
 <%@ page contentType="text/html; charset=ISO-8859-1" language="java"
-	errorPage="" %>
+	errorPage=""%>
 <%@page import="org.owasp.webgoat.session.WebSession"%>
-<% WebSession webSession = ((WebSession)session.getAttribute("websession")); %>
+<%
+WebSession webSession = ((WebSession) session.getAttribute("websession"));
+%>
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-<title>WebGoat V5</title>
+<title>WebGoat V5.1RC2</title>
 <link rel="stylesheet" href="css/webgoat.css" type="text/css" />
 </head>
 
 <body>
 
-	<div id="wrap">
+<div id="wrap">
-		<div id="top"></div>
+<div id="top"></div>
-		<div id="start">
+<div id="start">
-		  <p>Thank you for using WebGoat!</p>
+<p>Thank you for using WebGoat!</p>
-		  <p>This program is a demonstration of common web application flaws.  
+<p>This program is a demonstration of common web application flaws.
-		  The exercises are intended to provide hands on experience with application 
+The exercises are intended to provide hands on experience with
-		  penetration testing techniques.  The WebGoat project is lead by Bruce Mayhew. Please send all 
+application penetration testing techniques. </p><p>The WebGoat project is lead
-		  comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.</p>
+by Bruce Mayhew. Please send all comments to Bruce at <%=webSession.getWebgoatContext().getFeedbackAddress()%>.</p>
-		  <div id="team">
+<div id="team">
-			<table border="0" align="center" class="lessonText">
+<table border="0" align="center" class="lessonText">
 	<tr>
-                  <td width="50%"><div align="center"><a href="http://www.owasp.org"><img border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation" longdesc="http://www.owasp.org" /></a></div></td>
+		<td width="50%">
-                  <td width="50%"><div align="center"><a href="http://www.aspectsecurity.com"><img border="0" src="images/logos/aspect.jpg" alt="Aspect Security" longdesc="http://www.aspectsecurity.com" /></a></div></td>
+		<div align="center"><a href="http://www.owasp.org"><img
+			border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
+			longdesc="http://www.owasp.org" /></a></div>
+		</td>
+		<td width="50%">
+		<div align="center"><a href="http://www.aspectsecurity.com"><img
+			border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
+			longdesc="http://www.aspectsecurity.com" /></a></div>
+		</td>
 	</tr>
 	<tr>
-                  <td width="50%"><div align="center"><span class="style1"><br />WebGoat Design Team </span></div></td>
+		<td width="50%">
-                  <td width="50%"><div align="center"><span class="style1"><br />Lesson Contributers </span></div></td>
+		<div align="center"><span class="style1"><br />
+		WebGoat Design Team </span></div>
+		</td>
+		<td width="50%">
+		<div align="center"><span class="style1"><br />
+		Lesson Contributers </span></div>
+		</td>
 	</tr>
 	<tr>
 		<td valign="top">
 		<div align="center" class="style2">Bruce Mayhew</div>
-	                 <div align="center" class="style2">Laurence Casey</div>
 		<div align="center" class="style2">David Anderson</div>
-	                 <div align="center" class="style2">Eric Sheridan</div>
 		<div align="center" class="style2">Rogan Dawes</div>
+		<div align="center" class="style2">Laurence Casey (Graphics)</div>
 		</td>
 		<td valign="top">
 		<div align="center" class="style2">Aspect Security</div>
 		<div align="center" class="style2">Sherif Koussa</div>
-                   	<div align="center" class="style2">Alex Smolen</div>
+		<div align="center" class="style2">Romain Brechet</div>
-                  	<div align="center" class="style2">Chuck Willis</div>
+		<div align="center" class="style2"></div>
 
 		</td>
 	</tr>
 	<tr>
-                  <td height="25" valign="bottom"><div align="center"><span class="style1">Special Thanks for V5</span></div></td>
+		<td height="25" valign="bottom">
-                  <td height="25" valign="bottom"><div align="center"><span class="style1">Documentation Contributers</span></div></td>
+		<div align="center"><span class="style1">Special Thanks
+		for V5.1</span></div>
+		</td>
+		<td height="25" valign="bottom">
+		<div align="center"><span class="style1">Documentation
+		Contributers</span></div>
+		</td>
 	</tr>
 	<tr>
 		<td>
-			<div align="center" class="style2">OWASP Autumn of Code<br />
+		<div align="center" class="style2">OWASP Spring of Code</div>
-                  (http://www.owasp.org/) </div>
-			<div align="center" class="style2">Sherif Koussa<br />(http://www.macadamian.com)<br /></div>
-			<div align="center" class="style2">OWASP Spring of Code<br />
-                  (http://www.owasp.org/) </div>
-			<div align="center" class="style2">Erwin Geirnaert<br />(http://www.zionsecurity.com)<br /></div>
-                  </td>
-                  <td><div align="center" class="style2">Sherif Koussa<br />
-                  (http://www.macadamian.com)<br /> </div>
-                  <div align="center" class="style2">Robert Sullivan<br />
-                  (http://www.unitedhealthgroup.com/) </div>
 		<div align="center" class="style2">Erwin Geirnaert<br />
-                  (http://www.zionsecurity.com/) </div>
+		(http://www.zionsecurity.com)<br />
+		</div>
+		</td>
+		<td>
+		<div align="center" class="style2">Sherif Koussa<br />
+		(http://www.macadamian.com)<br />
+		</div>
+		<div align="center" class="style2">Erwin Geirnaert<br />
+		(http://www.zionsecurity.com/)</div>
 		</td>
 	</tr>
 	<tr>
-                  <td><div align="center" class="style2">To all who have sent comments</div></td>
+		<td>
+		<div align="center" class="style2">To all who have sent comments</div>
+		</td>
 	</tr>
 	<tr>
-                  <td colspan = "2">
+		<td colspan="2">
 		<div align="center" class="style2">
-                      <form id="form" name="form" method="post" action="attack">
+		<form id="form" name="form" method="post" action="attack"><input
-    			            <input type="submit" name="start" value="Start WebGoat" />
+			type="submit" name="start" value="Start WebGoat" /></form>
-			          </form>
 		</div>
 		</td>
 	</tr>
 	<tr>
-                  <td><div align="center" class="style2">&nbsp;</div></td>
+		<td>
+		<div align="center" class="style2">&nbsp;</div>
+		</td>
 	</tr>
-            </table>
+</table>
-		  </div>
+</div>
-	  </div>
+</div>
-	<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
-	<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
-	<div align="center" class="style2">&nbsp;</div>
+<div align="center" class="style2">&nbsp;</div>
-		<div id="warning"> WARNING<br /> 
+<div id="warning">WARNING<br />
-	      While running this program, your machine is extremely vulnerable to attack. 
+While running this program, your machine is extremely vulnerable to
-	      You should disconnect from the network while using this program.
+attack. You should disconnect from the network while using this program.
-		  <br/>
+<br />
-		  <br/>
+<br />
-		  This program is for educational purposes only. 
+This program is for educational purposes only. Use of these techniques
-		  Use of these techniques without permission could lead to 
+without permission could lead to job termination, financial liability,
-		  job termination, financial liability, and/or criminal penalties.
+and/or criminal penalties.</div>
-	    </div>
+</div>
-	  </div>
 </body>
 </html>

webgoat/main/project/WebContent/webgoat_challenge.jsp

@@ -7,7 +7,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-<title>WebGoat V5</title>
+<title>WebGoat V5.1RC2</title>
 <link rel="stylesheet" href="css/webgoat.css" type="text/css" />
 </head>
 
@@ -19,7 +19,7 @@
 		  <p>Thank you for using WebGoat!</p>
 		  <p>This program is a demonstration of common web application flaws.  
 		  The exercises are intended to provide hands on experience with application 
-		  penetration testing techniques.  The WebGoat project is lead by Bruce Mayhew. Please send all 
+		  penetration testing techniques.  </p><p>The WebGoat project is lead by Bruce Mayhew. Please send all 
 		  comments to Bruce at <%= webSession.getWebgoatContext().getFeedbackAddress() %>.</p>
 		  <div id="team">
 			<table border="0" align="center" class="lessonText">