dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modified the ranking of the lessons. CSRF has been moved to "Broken Access Control"

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@81 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
esheri3 2007-01-24 19:09:24 +00:00
parent 38e9a8967b
commit e121871396
4 changed files with 128 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
View File

@ -72,8 +72,7 @@ public class AccessControlMatrix extends LessonAdapter
try
{
String user = s.getParser().getRawParameter(USER, users[0]);
String resource = s.getParser().getRawParameter(RESOURCE,
resources[0]);
String resource = s.getParser().getRawParameter(RESOURCE, resources[0]);
String credentials = getRoles(user).toString();
ec.addElement(new P().addElement("Change user:"));
ec.addElement(ECSFactory.makePulldown(USER, users, user, 1));
@ -84,8 +83,7 @@ public class AccessControlMatrix extends LessonAdapter
// ec.addElement( new P().addElement( "Choose a resource:" ) );
// ec.addElement( ECSFactory.makePulldown( RESOURCE, resources, resource, 1 ) );
ec.addElement(new P().addElement("Select resource: "));
ec.addElement(ECSFactory.makePulldown(RESOURCE, resources,
resource, 1));
ec.addElement(ECSFactory.makePulldown(RESOURCE, resources, resource, 1));
ec.addElement(new P());
ec.addElement(ECSFactory.makeButton("Check Access"));
@ -137,15 +135,13 @@ public class AccessControlMatrix extends LessonAdapter
protected List getHints()
{
List<String> hints = new ArrayList<String>();
hints
.add("Many sites attempt to restrict access to resources by role.");
hints
.add("Developers frequently make mistakes implementing this scheme.");
hints.add("Many sites attempt to restrict access to resources by role.");
hints.add("Developers frequently make mistakes implementing this scheme.");
hints.add("Attempt combinations of users, roles, and resources.");
return hints;
}
private final static Integer DEFAULT_RANKING = new Integer(120);
private final static Integer DEFAULT_RANKING = new Integer(10);
protected Integer getDefaultRanking()

4
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
View File

@ -278,10 +278,10 @@ public class CSRF extends LessonAdapter {
@Override
protected Category getDefaultCategory() {
return AbstractLesson.A4;
return AbstractLesson.A2;
}
private final static Integer DEFAULT_RANKING = new Integer(140);
private final static Integer DEFAULT_RANKING = new Integer(120);
@Override
protected Integer getDefaultRanking() {

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
View File

@ -282,7 +282,7 @@ public class PathBasedAccessControl extends LessonAdapter
return (instructions);
}
private final static Integer DEFAULT_RANKING = new Integer(120);
private final static Integer DEFAULT_RANKING = new Integer(115);
protected Integer getDefaultRanking()

12
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
View File

@ -58,8 +58,7 @@ public class RemoteAdminFlaw extends LessonAdapter
}
else
{
ec
.addElement("WebGoat has an admin interface. To 'complete' this lesson you must figure "
ec.addElement("WebGoat has an admin interface. To 'complete' this lesson you must figure "
+ "out how to access the administrative interface for WebGoat.");
}
return ec;
@ -74,7 +73,6 @@ public class RemoteAdminFlaw extends LessonAdapter
*/
protected Category getDefaultCategory()
{
return AbstractLesson.A2;
}
@ -88,16 +86,14 @@ public class RemoteAdminFlaw extends LessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add("WebGoat has 2 admin interfaces.");
hints
.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'");
hints
.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
hints.add("WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'");
hints.add("WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'");
hints.add("Follow the Source!");
return hints;
}
private final static Integer DEFAULT_RANKING = new Integer(15);
private final static Integer DEFAULT_RANKING = new Integer(160);
protected Integer getDefaultRanking()