WebGoat/main/project/WebContent/lesson_plans/HowToWork.html
mayhew64 6598829155 Added doc directory back into main project root. Build script moves doc to webcontent.
Changed how to work with WebGoat picture to have original buttons 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@348 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-05-12 14:22:33 +00:00

48 lines
2.5 KiB
HTML

<!-- Start Instructions -->
<h1>How To Work With WebGoat</h1>
<p>
Welcome to a short introduction to WebGoat.<br>
Here you will learn how to use WebGoat and additional tools for the lessons.<br><br>
</p>
<h2>Environment Information</h2>
<p>
WebGoat uses Apache Tomcat as its server. It is set up to run on localhost. This
configuration is for a single user. If you want to use WebGoat in a laboratory or in
class you might need to change the setup. Please refer to the Tomcat Configuration
in the Introduction section.</p>
<h2>The Interface Of WebGoat</h2>
<p>
<img src="/WebGoat/images/introduction/interface.jpg"><br><br>
1. These are Lesson Categories in WebGoat. Click on a Category to see all Lessons in it.<br>
2. This will show technical hints to solve the lesson.<br>
3. This will show the HTTP Request Parameters.<br>
4. This will show the HTTP Request Cookies.<br>
5. This will show goals and objectives of the lesson.<br>
6. This will show the underlying Java source code.<br>
7. This will show the complete solution of the selected lesson.<br>
8. If you want to restart a lesson you can use this link.</p>
<h2>Solve The Lesson</h2>
<p>
Always start with the lesson plan. Then try to solve the lesson and if necessary,
use the hints. If you cannot solve the lesson using the hints, you may view the
solution. Every step is explained there.</p>
<h2>Read And Edit Parameters</h2>
<p>
To read and edit parameters you need a local proxy to intercept the HTTP request.
Here we use WebScarab. You can find more information about WebScarab in the
chapter "Useful Tools".
After installing WebScarab and using it as a proxy on localhost we can start.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_1.jpg"><br><br>
We have to select "Intercept Request" in the tab "Intercept". If we send an HTTP request we get a new WebScarab window.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_2.jpg"><br><br>
Here we can read and edit the sent parameter. After "Accept changes" the request will be sent to the server.
</p>
<h2>Read And Edit Cookies</h2>
<p>
Often it is necessary to change not only the value of parameters but also the value of cookies. We again use WebScarab and intercept the request as explained in the last topic.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_3.jpg"><br><br>
We get a new window on sending an HTTP request. The screenshot shows where to find the cookies and how to edit their values.
</p>
<!-- Stop Instructions -->
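
The intercept window described above shows a request's form parameters and cookies and lets you change them before the request is forwarded. The following is an added example, not part of WebGoat or WebScarab, that does the same to a raw request in Python and recomputes Content-Length after the edit; the sample request, its path, field names and values are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample of an intercepted request (not captured from a real session).
RAW = (
    "POST /WebGoat/attack HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: JSESSIONID=CONSTRUCTED123; lang=en\r\n"
    "Content-Length: 22\r\n"
    "\r\n"
    "person=guest&SUBMIT=Go"
)

def parse_request(raw):
    """Split a raw request into request line, headers, form parameters, cookies."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers = [tuple(h.split(": ", 1)) for h in header_lines]
    params = parse_qsl(body, keep_blank_values=True)
    cookie_header = next((v for k, v in headers if k.lower() == "cookie"), "")
    cookies = dict(p.strip().split("=", 1)
                   for p in cookie_header.split(";") if "=" in p)
    return request_line, headers, params, cookies

def build_request(request_line, headers, params, cookies):
    """Re-serialize the request; the body length changes with the edit,
    so Content-Length must be recomputed or the server misreads the body."""
    body = urlencode(params)
    out = []
    for name, value in headers:
        if name.lower() == "cookie":
            value = "; ".join(f"{k}={v}" for k, v in cookies.items())
        elif name.lower() == "content-length":
            value = str(len(body.encode()))
        out.append(f"{name}: {value}")
    return "\r\n".join([request_line, *out]) + "\r\n\r\n" + body

def edit_request(raw, new_params=None, new_cookies=None):
    """Apply parameter and cookie edits, as done by hand in the proxy window."""
    line, headers, params, cookies = parse_request(raw)
    params = [(k, (new_params or {}).get(k, v)) for k, v in params]
    cookies.update(new_cookies or {})
    return build_request(line, headers, params, cookies)

if __name__ == "__main__":
    print(edit_request(RAW, {"person": "tester"}, {"lang": "de"}))
```

Every value shown here arrives from the client, which is why server-side code has to validate parameters and cookies rather than trust what the page originally sent.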