Basic Operation

From OWASP
Revision as of 14:30, 5 June 2006 by Weilin Zhong (Talk | contribs)


WebGoat User Guide Table of Contents


At each stage of an application security assessment, it is important to understand the operation of the target.

This typically involves:

  • Examining client side content, such as HTML and script
  • Analyzing communications between the client and server
  • Reviewing cookies and other local data

The browser typically makes it simple to view HTML source. WebGoat expands on that with operations to Show Params, Show HTML, Show Cookies and Show Java.

Browsers normally provide a feature for viewing HTML source. In Microsoft Internet Explorer this is “Source” under the View menu; in Firefox it is “Page Source” under the View menu. The Show HTML feature of WebGoat shows only the HTML that is relevant to the current lesson. This view does not include the HTML for the side and top bars.

Figure 4: Show HTML

Parameters and cookies are displayed in red.

Figure 5: Show Params & Cookies
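
The same three kinds of data listed above (client-side content, client/server communication, cookies) can also be pulled out of a recorded exchange by script. The following Python is an added example, not part of WebGoat or the original guide; the request, the HTML, and every parameter and cookie name in it are constructed sample data.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Constructed sample exchange (assumption: not captured from WebGoat).
RAW_REQUEST = (
    "POST /app/lesson?Screen=12&menu=100 HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "Cookie: JSESSIONID=ABC123; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "person=alice&SUBMIT=Go%21"
)
RESPONSE_HTML = (
    '<form method="POST" action="lesson">'
    '<input type="hidden" name="price" value="9.99">'
    '<input type="text" name="person">'
    '<input type="submit" name="SUBMIT" value="Go!"></form>'
)

class FieldLister(HTMLParser):
    """Collects (type, name, value) for every <input> element in a page."""
    def __init__(self):
        super().__init__()
        self.fields = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.fields.append((a.get("type", "text"), a.get("name"), a.get("value")))

def inspect_request(raw):
    """Return (params, cookies) found in a raw HTTP request string."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    target = lines[0].split(" ")[1]          # request-target of the request line
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    params = [("query", k, v)
              for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += [("body", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))      # parses "name=value; name=value"
    return params, {name: morsel.value for name, morsel in jar.items()}

def hidden_fields(html):
    """Return (name, value) for inputs the browser does not render."""
    lister = FieldLister()
    lister.feed(html)
    return [(n, v) for t, n, v in lister.fields if t == "hidden"]
```

Hidden inputs are listed separately because they do not appear in the rendered page, yet they return to the server as ordinary parameters.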

Show Java will open a new window containing source code.

Figure 6: Show Java

