b0b94c4688
divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
16 lines
661 B
HTML
16 lines
661 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title: </b>Insecure Client Storage</p>
|
|
</div>
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
<!-- Start Instructions -->
|
|
It is always a good practice to validate all input on the server side. Leaving the
|
|
mechanism for validation on the client side leaves it vulnerable to reverse
|
|
engineering. Remember, anything on the client side should not be
|
|
considered a secret.
|
|
<!-- Stop Instructions -->
|
|
<p><b>General Goal(s):</b> </p>
|
|
For this exercise, your mission is to discover a coupon code to receive an unintended
|
|
discount. Then, exploit the use of client side validation to submit an order with a
|
|
cost of zero.
|
|
|