dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
webgoat
main
project
JavaSource
WebContent
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
AccessControlMatrix.html
BasicAuthentication.html
BlindSqlInjection.html
BufferOverflow.html
CSRF.html
ChallengeScreen.html
CommandInjection.html
CrossSiteScripting.html
DOS_Login.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
NewLesson.html
PathBasedAccessControl.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TraceXSS.html
UncheckedEmail.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
lesson_template
lessons
users
main.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
doc
HOW TO create the WebGoat workspace.txt
eclipse.bat
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
99779ea2e9ebd048f290e4ea232cf6d184c08e02
WebGoat/ webgoat/main/project/WebContent/lesson_plans/JavaScriptValidation.html
mayhew64 98949c00d8 Moved remotely 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-09-30 13:41:26 +00:00

10 lines
906 B
HTML
Raw Blame History

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Bypass Client Side JavaScript Validation </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Client-side validation should not be considered a secure means of validating parameters. These validation only help reduce the amount of server processing time for normal users who do not know the format of required input. Attackers can bypass these mechanisms easily in various ways. Any client-side validation should be duplicated on the server side. This will greatly reduce the likelyhood of insecure parameter values being used in the application.
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>
For this exercise, the web site requires that you follow certain rules when you fill out a form. The user should be able to break those rules, and send the website input that it wasn't expecting. <br>
Reference in New Issue View Git Blame Copy Permalink