git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
23 lines
1.3 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Lesson Plan</title>
</head>
<body>
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Exploit Thread Safety Problems </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Web applications can handle many HTTP requests simultaneously. Developers often use variables that are not thread safe. Thread safety means that the fields of an object or class always maintain a valid state when used concurrently by multiple threads. It is often possible to exploit a concurrency bug by loading the same page as another user at the exact same time. Because all threads share the same method area, and the method area is where all class variables are stored, multiple threads can attempt to use the same class variables concurrently. <br>
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
The user should be able to exploit the concurrency error in the web application and view login information for another user that is attempting the same function at the same time. <b>This will require the use of two browsers</b>.
<br>
</body>
</html>
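
The shared class variable described in the lesson plan, shown beside a thread-safe form. This is an added example, not code from WebGoat or from the lesson itself; the class, method and user names and the sample records are constructed for illustration, and latches are used only to make the interleaving of the two requests repeatable.

```java
import java.util.Map;
import java.util.concurrent.*;
public class ThreadSafetyDemo {
    // Constructed sample data standing in for the application's user table.
    static final Map<String, String> PROFILES =
            Map.of("alice", "alice/admin", "bob", "bob/guest");

    interface Handler {
        String handle(String user, CountDownLatch stored, CountDownLatch resume) throws Exception;
    }

    // Vulnerable: a class variable is shared by every request thread.
    static String currentUser;

    static String unsafeLookup(String user, CountDownLatch stored, CountDownLatch resume)
            throws Exception {
        currentUser = user;                 // request data written to shared state
        stored.countDown();
        resume.await();                     // stands in for slow work (e.g. a query)
        return PROFILES.get(currentUser);   // may now name another request's user
    }

    // Hardened: request data stays in a local variable on this thread's stack.
    static String safeLookup(String user, CountDownLatch stored, CountDownLatch resume)
            throws Exception {
        String requested = user;
        stored.countDown();
        resume.await();
        return PROFILES.get(requested);
    }

    // Starts alice's request, lets bob's arrive mid-flight, returns alice's answer.
    static String aliceSees(Handler h) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CountDownLatch aliceStored = new CountDownLatch(1), bobStored = new CountDownLatch(1);
        try {
            Future<String> alice = pool.submit(() -> h.handle("alice", aliceStored, bobStored));
            aliceStored.await();            // alice's request has stored its user
            pool.submit(() -> h.handle("bob", bobStored, bobStored));
            return alice.get(5, TimeUnit.SECONDS);
        } finally {
            pool.shutdown();
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("unsafe: alice sees " + aliceSees(ThreadSafetyDemo::unsafeLookup));
        System.out.println("safe:   alice sees " + aliceSees(ThreadSafetyDemo::safeLookup));
    }
}
```

With the unsafe handler, alice's request is answered with bob's record because bob's request overwrote the class variable before alice's read it back; the safe handler returns alice's own record. `Map.of` requires Java 9 or later.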