dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modified the ranking of the lessons. CSRF has been moved to "Broken Access Control"

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@81 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
esheri3 2007-01-24 19:09:24 +00:00
parent 38e9a8967b
commit e121871396
4 changed files with 128 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
View File

@ -72,8 +72,7 @@ public class AccessControlMatrix extends LessonAdapter
try try
{ {
String user = s.getParser().getRawParameter(USER, users[0]); String user = s.getParser().getRawParameter(USER, users[0]);
String resource = s.getParser().getRawParameter(RESOURCE, String resource = s.getParser().getRawParameter(RESOURCE, resources[0]);
resources[0]);
String credentials = getRoles(user).toString(); String credentials = getRoles(user).toString();
ec.addElement(new P().addElement("Change user:")); ec.addElement(new P().addElement("Change user:"));
ec.addElement(ECSFactory.makePulldown(USER, users, user, 1)); ec.addElement(ECSFactory.makePulldown(USER, users, user, 1));
@ -84,8 +83,7 @@ public class AccessControlMatrix extends LessonAdapter
// ec.addElement( new P().addElement( "Choose a resource:" ) ); // ec.addElement( new P().addElement( "Choose a resource:" ) );
// ec.addElement( ECSFactory.makePulldown( RESOURCE, resources, resource, 1 ) ); // ec.addElement( ECSFactory.makePulldown( RESOURCE, resources, resource, 1 ) );
ec.addElement(new P().addElement("Select resource: ")); ec.addElement(new P().addElement("Select resource: "));
ec.addElement(ECSFactory.makePulldown(RESOURCE, resources, ec.addElement(ECSFactory.makePulldown(RESOURCE, resources, resource, 1));
resource, 1));
ec.addElement(new P()); ec.addElement(new P());
ec.addElement(ECSFactory.makeButton("Check Access")); ec.addElement(ECSFactory.makeButton("Check Access"));
@ -137,15 +135,13 @@ public class AccessControlMatrix extends LessonAdapter
protected List getHints() protected List getHints()
{ {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints hints.add("Many sites attempt to restrict access to resources by role.");
.add("Many sites attempt to restrict access to resources by role."); hints.add("Developers frequently make mistakes implementing this scheme.");
hints
.add("Developers frequently make mistakes implementing this scheme.");
hints.add("Attempt combinations of users, roles, and resources."); hints.add("Attempt combinations of users, roles, and resources.");
return hints; return hints;
} }
private final static Integer DEFAULT_RANKING = new Integer(120); private final static Integer DEFAULT_RANKING = new Integer(10);
protected Integer getDefaultRanking() protected Integer getDefaultRanking()

4
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
View File

@ -278,10 +278,10 @@ public class CSRF extends LessonAdapter {
@Override @Override
protected Category getDefaultCategory() { protected Category getDefaultCategory() {
return AbstractLesson.A4; return AbstractLesson.A2;
} }
private final static Integer DEFAULT_RANKING = new Integer(140); private final static Integer DEFAULT_RANKING = new Integer(120);
@Override @Override
protected Integer getDefaultRanking() { protected Integer getDefaultRanking() {

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
View File

@ -282,7 +282,7 @@ public class PathBasedAccessControl extends LessonAdapter
return (instructions); return (instructions);
} }
private final static Integer DEFAULT_RANKING = new Integer(120); private final static Integer DEFAULT_RANKING = new Integer(115);
protected Integer getDefaultRanking() protected Integer getDefaultRanking()

12
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
View File

@ -58,8 +58,7 @@ public class RemoteAdminFlaw extends LessonAdapter
} }
else else
{ {
ec ec.addElement("WebGoat has an admin interface. To 'complete' this lesson you must figure "
.addElement("WebGoat has an admin interface. To 'complete' this lesson you must figure "
+ "out how to access the administrative interface for WebGoat."); + "out how to access the administrative interface for WebGoat.");
} }
return ec; return ec;
@ -74,7 +73,6 @@ public class RemoteAdminFlaw extends LessonAdapter
*/ */
protected Category getDefaultCategory() protected Category getDefaultCategory()
{ {
return AbstractLesson.A2; return AbstractLesson.A2;
} }
@ -88,16 +86,14 @@ public class RemoteAdminFlaw extends LessonAdapter
{ {
List<String> hints = new ArrayList<String>(); List<String> hints = new ArrayList<String>();
hints.add("WebGoat has 2 admin interfaces."); hints.add("WebGoat has 2 admin interfaces.");
hints hints.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'");
.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'"); hints.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
hints
.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
hints.add("Follow the Source!"); hints.add("Follow the Source!");
return hints; return hints;
} }
private final static Integer DEFAULT_RANKING = new Integer(15); private final static Integer DEFAULT_RANKING = new Integer(160);
protected Integer getDefaultRanking() protected Integer getDefaultRanking()