This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Appendix A: WebGoat lesson plans and solutions"
| Line 1: | Line 1: | ||
| − | + | <font><u>Phase 1 (first 50% of project)</u></font> | |
The zip file contains the WebGoat lesson plans and solutions. The current version needs some work (an index.html file, fix broken links, etc.) and a new version will be available on 28 July 2008 (note: the new version is available as of 27 July 2008). | The zip file contains the WebGoat lesson plans and solutions. The current version needs some work (an index.html file, fix broken links, etc.) and a new version will be available on 28 July 2008 (note: the new version is available as of 27 July 2008). | ||
| − | Please see readme.txt for instructions. | + | Please see readme.txt for instructions. The specific lesson solutions in this zip file are the ones not in the Phase 2 zip file listed below. |
[[Image:OWASP_Securing_WebGoat_using_ModSecurity_WebGoat_Lessons.zip]] | [[Image:OWASP_Securing_WebGoat_using_ModSecurity_WebGoat_Lessons.zip]] | ||
| − | + | <font><u>Phase 2 (second 50% of project)</u></font> | |
The zip files contain the WebGoat lesson solutions for the project lessons for Phase 2 that can be viewed off-line (meaning, not as a part of WebGoat plus with no broken links to the images). The files total around 12 meg but are broken into smaller chunks (unzip in the same directory). They allow someone to understand the WebGoat lessons fairly well without having to install and use WebGoat. Many images embedded in the pages are low-resolution *.png files; in the lesson's respective subdirectories, there are higher resolution *.jpg files which are helpful, for example, to get the exact text being used in WebScarab. | The zip files contain the WebGoat lesson solutions for the project lessons for Phase 2 that can be viewed off-line (meaning, not as a part of WebGoat plus with no broken links to the images). The files total around 12 meg but are broken into smaller chunks (unzip in the same directory). They allow someone to understand the WebGoat lessons fairly well without having to install and use WebGoat. Many images embedded in the pages are low-resolution *.png files; in the lesson's respective subdirectories, there are higher resolution *.jpg files which are helpful, for example, to get the exact text being used in WebScarab. | ||
| Line 19: | Line 19: | ||
[[Image:ModSec_on_WebGoat_solutions4_Phase2.zip]] | [[Image:ModSec_on_WebGoat_solutions4_Phase2.zip]] | ||
| + | |||
| + | The lessons contained in the Phase 2 zip files are: | ||
| + | 1.1 Http Basics | ||
| + | 2.2 Bypass a Path Based Access Control Scheme | ||
| + | 2.3 LAB: Role Based Access Control | ||
| + | 3.1 LAB: DOM-Based cross-site scripting | ||
| + | 3.2 LAB: Client Side Filtering | ||
| + | 3.4 DOM Injection | ||
| + | 3.5 XML Injection | ||
| + | 3.6 JSON Injection | ||
| + | 3.7 Silent Transactions Attacks | ||
| + | 3.8 Dangerous Use of Eval | ||
| + | 3.9 Insecure Client Storage | ||
| + | 7.1 Thread Safety Problem | ||
| + | 7.2 Shopping Cart Concurrency Flaw | ||
| + | 8.3 Stored XSS Attacks | ||
| + | 8.6 HTTPOnly Test | ||
| + | 9.1 Denial of Service from Multiple Logins | ||
| + | 12.1 Insecure Login | ||
| + | 14.1 Encoding Basics | ||
| + | 15.3 Bypass Client Side JavaScript Validation | ||
| + | 16.1 Hijack a Session | ||
| + | 16.2 Spoof an Authentication Cookie | ||
| + | 16.3 Session Fixation | ||
| + | 17.1 Create a SOAP Request | ||
| + | 17.2 WSDL Scanning | ||
| + | |||
| + | All other lesson solutions are in the Phase 1 zip file. | ||
Revision as of 07:15, 21 October 2008
Phase 1 (first 50% of project)
The zip file contains the WebGoat lesson plans and solutions. The current version needs some work (an index.html file, fix broken links, etc.) and a new version will be available on 28 July 2008 (note: the new version is available as of 27 July 2008).
Please see readme.txt for instructions. The specific lesson solutions in this zip file are the ones not in the Phase 2 zip file listed below.
File:OWASP Securing WebGoat using ModSecurity WebGoat Lessons.zip
Phase 2 (second 50% of project)
The zip files contain the WebGoat lesson solutions for the project lessons for Phase 2 that can be viewed off-line (meaning, not as a part of WebGoat plus with no broken links to the images). The files total around 12 meg but are broken into smaller chunks (unzip in the same directory). They allow someone to understand the WebGoat lessons fairly well without having to install and use WebGoat. Many images embedded in the pages are low-resolution *.png files; in the lesson's respective subdirectories, there are higher resolution *.jpg files which are helpful, for example, to get the exact text being used in WebScarab.
File:ModSec on WebGoat solutions1 Phase2.zip
File:ModSec on WebGoat solutions2 Phase2.zip
File:ModSec on WebGoat solutions3 Phase2.zip
File:ModSec on WebGoat solutions4 Phase2.zip
The lessons contained in the Phase 2 zip files are: 1.1 Http Basics 2.2 Bypass a Path Based Access Control Scheme 2.3 LAB: Role Based Access Control 3.1 LAB: DOM-Based cross-site scripting 3.2 LAB: Client Side Filtering 3.4 DOM Injection 3.5 XML Injection 3.6 JSON Injection 3.7 Silent Transactions Attacks 3.8 Dangerous Use of Eval 3.9 Insecure Client Storage 7.1 Thread Safety Problem 7.2 Shopping Cart Concurrency Flaw 8.3 Stored XSS Attacks 8.6 HTTPOnly Test 9.1 Denial of Service from Multiple Logins 12.1 Insecure Login 14.1 Encoding Basics 15.3 Bypass Client Side JavaScript Validation 16.1 Hijack a Session 16.2 Spoof an Authentication Cookie 16.3 Session Fixation 17.1 Create a SOAP Request 17.2 WSDL Scanning
All other lesson solutions are in the Phase 1 zip file.
