Lesson Plans

Revision as of 13:25, 5 June 2006 by Weilin Zhong (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

WebGoat User Guide Table of Contents

The current lesson plans included in this release of WebGoatv4 include:

Http Basics
How to Exploit Thread Safety Problems
How to Discover Clues in the HTML
How to Exploit Hidden Fields
How to Exploit Unchecked Email
How to Bypass Client Side JavaScript Validation
How to Bypass a Role Based Access Control Scheme
How to Bypass a Path Based Access Control Scheme
How to Spoof an Authentication Cookie
Basic Authentication
How to Perform Cross Site Trace Attacks
How to Perform Command Injection
How to Perform Blind SQL Injection
How to Bypass a Fail Open Authentication Scheme
Web Service SQL Injection
The Challenge

For each lesson within WebGoat, an overview and objectives are provided. These are accessed through the Show Lesson Plan button.

Figure 3: Show Lesson Plan

These lesson plans describe the operation of each aspect of the target application, the areas of interest relating to the security assessment and the type of attack that should be attempted.

WebGoat User Guide Table of Contents