WebGoat/webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Mitigation.adoc
Nanne Baars b048988d2f Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
=== Mitigation
In this simple example you noticed that the total price is calculated in the browser and then sent to the server. The server
accepted the input as given and did not calculate the price again. One of the mitigations in this case is to look up
the price of the television in your database and calculate the total price again on the server.
In a real application you should never rely on client side validation; it is important to verify all the input
sent by the client. Always remember: **NEVER TRUST INPUT SENT BY A CLIENT.**
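As an added illustration (not code from the WebGoat project), the same checkout handler written both ways in Python: the vulnerable version accepts the browser's `total` field as given, while the mitigated version looks up the unit price in a server-side catalogue, validates the quantity and recomputes the total itself. The catalogue, field names and the tampered request are constructed for this example.

```python
from decimal import Decimal

# Constructed server-side price list; in a real application this lookup
# would hit the database, never the submitted form.
CATALOG = {"television": Decimal("2999.99"), "dvd-player": Decimal("199.00")}


class OrderError(ValueError):
    """Raised when a submitted order fails server-side validation."""


def checkout_trusting_client(form: dict) -> Decimal:
    """Vulnerable: the 'total' posted by the browser is accepted as-is,
    so editing the hidden field in the HTML changes what is charged."""
    return Decimal(form["total"])


def checkout_server_side(form: dict) -> Decimal:
    """Mitigated: ignore any client-supplied total, look the unit price up
    server side, validate the quantity and recompute the total."""
    item = form.get("item")
    if item not in CATALOG:
        raise OrderError("unknown item")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise OrderError("quantity must be an integer") from None
    if not 1 <= qty <= 100:
        raise OrderError("quantity out of range")
    return (CATALOG[item] * qty).quantize(Decimal("0.01"))


# Constructed tampered request: the hidden 'total' field was edited in the
# browser before the form was submitted.
TAMPERED = {"item": "television", "quantity": "1", "total": "1.00"}

if __name__ == "__main__":
    print("trusting client:", checkout_trusting_client(TAMPERED))   # 1.00
    print("server side:    ", checkout_server_side(TAMPERED))       # 2999.99
```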
''''
==== References
https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet