From f831487fa2476bb6e35691f1586989f61c29b456 Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Wed, 18 Jul 2007 13:36:42 +0000 Subject: [PATCH] Add descriptions to the stages git-svn-id: http://webgoat.googlecode.com/svn/trunk@199 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../CrossSiteScripting/CrossSiteScripting.java | 12 ++++++------ .../DBCrossSiteScripting/DBCrossSiteScripting.java | 4 ++-- .../lessons/DBSQLInjection/DBSQLInjection.java | 4 ++-- .../RoleBasedAccessControl.java | 8 ++++---- .../webgoat/lessons/SQLInjection/SQLInjection.java | 8 ++++---- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 4daa93a29..ad37d3e92 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -54,17 +54,17 @@ public class CrossSiteScripting extends GoatHillsFinancial { private final static Integer DEFAULT_RANKING = new Integer(100); - public final static String STAGE1 = "Stage 1"; + public final static String STAGE1 = "Stage 1: Stored XSS"; - public final static String STAGE2 = "Stage 2"; + public final static String STAGE2 = "Stage 2: Block Stored XSS using Input Validation"; - public final static String STAGE3 = "Stage 3"; + public final static String STAGE3 = "Stage 3: Stored XSS Revisited"; - public final static String STAGE4 = "Stage 4"; + public final static String STAGE4 = "Stage 4: Block Stored XSS using Output Encoding"; - public final static String STAGE5 = "Stage 5"; + public final static String STAGE5 = "Stage 5: Reflected XSS"; - public final static String STAGE6 = "Stage 6"; + public final static String STAGE6 = "Stage 6: Block Reflected XSS"; protected void registerActions(String className) { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java index fbdd92a9f..c430ae1f9 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java @@ -56,9 +56,9 @@ public class DBCrossSiteScripting extends GoatHillsFinancial { private final static Integer DEFAULT_RANKING = new Integer(100); - public final static String STAGE1 = "Stage 1"; + public final static String STAGE1 = "Stage 1: Stored XSS"; - public final static String STAGE2 = "Stage 2"; + public final static String STAGE2 = "Stage 2: Block Stored XSS using DB Input Validation"; protected void registerActions(String className) { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java index 2d64cc3d5..851c398db 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java @@ -57,9 +57,9 @@ public class DBSQLInjection extends GoatHillsFinancial public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew"; - public final static String STAGE1 = "Stage 1"; + public final static String STAGE1 = "Stage 1: String SQL Injection"; - public final static String STAGE2 = "Stage 2"; + public final static String STAGE2 = "Stage 2: Block SQL Injection using Bind Variables"; public void registerActions(String className) { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index 1334332ae..a2ac0935f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -52,13 +52,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial { private final static Integer DEFAULT_RANKING = new Integer(125); - public final static String STAGE1 = "Stage 1"; + public final static String STAGE1 = "Stage 1: Break Functional Access Control"; - public final static String STAGE2 = "Stage 2"; + public final static String STAGE2 = "Stage 2: Add Business Layer Access Control"; - public final static String STAGE3 = "Stage 3"; + public final static String STAGE3 = "Stage 3: Break Data Layer Access Control"; - public final static String STAGE4 = "Stage 4"; + public final static String STAGE4 = "Stage 4: Add Data Layer Access Control"; protected void registerActions(String className) { registerAction(new ListStaff(this, className, LISTSTAFF_ACTION)); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index 6adf47fc8..5ea0195e8 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -55,13 +55,13 @@ public class SQLInjection extends GoatHillsFinancial public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew"; - public final static String STAGE1 = "Stage 1"; + public final static String STAGE1 = "Stage 1: String SQL Injection"; - public final static String STAGE2 = "Stage 2"; + public final static String STAGE2 = "Stage 2: Parameterized Query #1"; - public final static String STAGE3 = "Stage 3"; + public final static String STAGE3 = "Stage 3: Numeric SQL Injection"; - public final static String STAGE4 = "Stage 4"; + public final static String STAGE4 = "Stage 4: Parameterized Query #2"; public void registerActions(String className) {