dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat/main/project/WebContent/lesson_solutions/PasswordStrength.html
wirth.marcel 82e32acb77 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-07 14:28:38 +00:00

38 lines
2.1 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>password Strength</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> Password Strength</p>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Accounts are only as secure as there passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>
For this exercise, your job is to test several passwords on <a href="https://www.cnlab.ch/codecheck" target="_blank">https://www.cnlab.ch/codecheck</a>.
<br><br>
<b>Solution:</b><br/>
Open your browser on <a href="https://www.cnlab.ch/codecheck" target="_blank">https://www.cnlab.ch/codecheck</a>. Copy the first password in the field and click "Run the check".<br><br>
<img src="/WebGoat/lesson_solutions/PasswordStrength_files/image001.jpg"><br/>
<font size="2"><b>Code checker</b></font><br/><br/><br/>
You will get a little pop-up. Choose "Yes, I want this word to be tested".<br><br>
<img src="/WebGoat/lesson_solutions/PasswordStrength_files/image002.jpg"><br/>
<font size="2"><b>Pop-up</b></font><br/><br/><br/>
You will get get the result of the check.<br><br>
<img src="/WebGoat/lesson_solutions/PasswordStrength_files/image003.jpg"><br/>
<font size="2"><b>The result</b></font><br/><br/><br/>
Do this with all of the five given passwords.<br><br>
Here are the results you get:<br><br>
Password = 123456: <font color="#ff0000">0</font> seconds<br>
Password = abzfez: <font color="#ff0000">1394</font> seconds<br>
Password = a9z1ez: <font color="#ff0000">5</font> hours<br>
Password = aB8fEz: <font color="#ff0000">2</font> days<br>
Password = z8!E?7: <font color="#ff0000">41</font> days<br>
<br><br><br>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink