This release of WebGoat v4 includes the following lesson plans:
- How to Exploit Thread Safety Problems
- How to Discover Clues in the HTML
- How to Exploit Hidden Fields
- How to Exploit Unchecked Email
- How to Bypass a Role Based Access Control Scheme
- How to Bypass a Path Based Access Control Scheme
- How to Spoof an Authentication Cookie
- How to Perform Cross Site Trace Attacks
- How to Perform Command Injection
- How to Perform Blind SQL Injection
- How to Bypass a Fail Open Authentication Scheme
- Web Service SQL Injection
For each lesson within WebGoat, an overview and objectives are provided. These are accessed through the Show Lesson Plan button.
These lesson plans describe the operation of each aspect of the target application, the areas of interest relating to the security assessment, and the type of attack that should be attempted.