initial cut on auth-bypass lesson

Jason White
2017-07-18 15:59:46 -04:00
parent bf06d645a1
commit ce7c271bb5
24 changed files with 354 additions and 1 deletions

@ -0,0 +1,15 @@
== Authentication Bpasses
Authentication Bypasses happen in many ways, but usually take advantage of some flaw in the configuration or logic. Tampering to achieve the right conditions.
=== Hidden inputs
The simplest form is a reliance on a hidden input that is in the web page/DOM.
=== Removing Parameters
Sometimes, if an attacker doesn't know the correct value of a parameter, they may remove the parameter from the submission altogether to see what happens.
=== Forced Browsing
If an area of a site is not protected properly by configuation, that area of the site may be accessed by guessing/brute-forcing.
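Review bot: the top-level heading is misspelled as "== Authentication Bpasses", and the Forced Browsing paragraph has "configuation". Both are learner-facing lesson text and should read "Bypasses" and "configuration". In the intro paragraph, "Tampering to achieve the right conditions." is a sentence fragment; join it to the preceding sentence or give it a subject. The Hidden inputs section says what is relied on but not why that is a flaw. One more sentence stating that the value in the page/DOM is under the user's control would make the point explicit.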