Difference between revisions of "Lesson Plans"

Revision as of 01:15, 23 December 2006

WebGoat User Guide Table of Contents

The current lesson plans included in this release of WebGoatv5 include:

Http Basics

HTTP Splitting and Cache Poisining

How to Exploit Thread Safety Problems

How to Discover Clues in the HTML

How to Exploit Hidden Fields

How to Exploit Unchecked Email

How to Bypass Client Side JavaScript Validation

How to Force Browser Web Resources

How to Bypass a Role Based Access Control Scheme

How to Bypass a Path Based Access Control Scheme

Using an Access Control Matrix

How to Exploit the Forgot Password Page

How to Spoof an Authentication Cookie

How to Hijack a Session

Basic Authentication

How to Perform Cross Site Trace Attacks

How to Perform Stored Cross Site Scripting

How to Perform Reflected Cross Site Scripting

HttpOnly Test

How to Perform Cross Site Trace Attacks

How to Perform Command Injection

How to Perform Blind SQL Injection

How to Perform Numeric SQL Injection

How to Perform Log Spoofing

How to Perform XPATH Injection Attacks

How to Perform String SQL Injection

How to Bypass a Fail Open Authentication Scheme

How to Peform Basic Encoding

Denial of Service from Multiple Logins

How to Create a SOAP Request

How to Perform WSDL Scanning

How to Perform Web Service SAX Injection

How to Perform Web Service SQL Injection

How to Perform DOM Injection Attack

How to Perform XML Injection Attacks

How to Add a New Lesson

The Challenge

For each lesson within WebGoat, an overview and objectives are provided. These are accessed through the Show Lesson Plan button.

These lesson plans describe the operation of each aspect of the target application, the areas of interest relating to the security assessment and the type of attack that should be attempted.

WebGoat User Guide Table of Contents

@@ Line 2: / Line 2: @@
 __TOC__
-The current lesson plans included in this release of WebGoatv4 include:
+The current lesson plans included in this release of WebGoatv5 include:
 {| border=1
   || Http Basics
+|-
+ || HTTP Splitting and Cache Poisining
 |-
   || How to Exploit Thread Safety Problems
@@ Line 15: / Line 17: @@
 |-
   || How to Bypass Client Side JavaScript Validation
+|-
+ || How to Force Browser Web Resources
 |-
   || How to Bypass a Role Based Access Control Scheme
 |-
   || How to Bypass a Path Based Access Control Scheme
+|-
+ || Using an Access Control Matrix
+|-
+ || How to Exploit the Forgot Password Page
 |-
   || How to Spoof an Authentication Cookie
+|-
+ || How to Hijack a Session
 |-
   || Basic Authentication
 |-
   || How to Perform Cross Site Trace Attacks
+|-
+ || How to Perform Stored Cross Site Scripting
+|-
+ || How to Perform Reflected Cross Site Scripting
+|-
+ || HttpOnly Test
+|-
+ || How to Perform Cross Site Trace Attacks
 |-
   || How to Perform Command Injection
 |-
   || How to Perform Blind SQL Injection
+|-
+ || How to Perform Numeric SQL Injection
+|-
+ || How to Perform Log Spoofing
+|-
+ || How to Perform XPATH Injection Attacks
+|-
+ || How to Perform String SQL Injection
 |-
   || How to Bypass a Fail Open Authentication Scheme
 |-
-  || Web Service SQL Injection
+  || How to Peform Basic Encoding
+|-
+ || Denial of Service from Multiple Logins
+|-
+ || How to Create a SOAP Request
+|-
+ || How to Perform WSDL Scanning
+|-
+ || How to Perform Web Service SAX Injection
+|-
+ || How to Perform Web Service SQL Injection
+|-
+ || How to Perform DOM Injection Attack
+|-
+ || How to Perform XML Injection Attacks
+|-
+ || How to Add a New Lesson
 |-
   || The Challenge

Difference between revisions of "Lesson Plans"

Revision as of 01:15, 23 December 2006

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools