Name _________________________________ Assignment #15 WebGoat Part I CSC 482/582-001

coldwaterphew, Servers

17 Nov 2013 (3 years and 10 months ago)







Go to http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project. This describes the WebGoat Project. WebGoat teaches web application security through a series of exercises.




Go to http://code.google.com/p/webgoat/downloads/detail?name=WebGoat-OWASP_Standard-5.2.zip&can=4&q=WebGoat. Click on WebGoat-OWASP_Standard5.2.zip. Download the zip file and unzip to install WebGoat.




WebGoat utilizes the Apache Tomcat web server.




To start Tomcat, browse to the WebGoat5.2 directory and double click "webgoat.bat".




Start your browser and browse to: http://localhost/WebGoat/attack.



Problem 1




In the browser, click on General.



Click HTTP Basics.

When you successfully complete this lesson, HTTP Basics should have a green check mark.




I successfully completed this lesson. Initials #A: ______________





Problem 2




Click on Code Quality.



Click on Discover Cues in the HTML



Click on Lesson Plan and read it.



Click on Hint. It is displayed in red.



Comments in HTML begin with <!--.



Complete this exercise to get your green check mark.

What is the admin password?


Answer #B:
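
Not part of the assignment and not the answer to Problem 2: an added example showing the defender's side of the same lesson, a pre-release check that parses a page and flags HTML comments containing sensitive-looking words. The keyword list, function names and sample page are assumptions constructed for illustration; the sample is not WebGoat's markup.

```python
import re
from html.parser import HTMLParser

# Hypothetical keyword list; tune it for your own code base.
SENSITIVE = re.compile(
    r"password|passwd|pwd|secret|token|api[_-]?key|admin|todo|fixme", re.I
)

class CommentAuditor(HTMLParser):
    """Collects every HTML comment together with the line it starts on."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()
        self.comments.append((line, data.strip()))

def audit_html(markup):
    """Return (line, keyword, comment) for each comment matching SENSITIVE."""
    parser = CommentAuditor()
    parser.feed(markup)
    parser.close()
    findings = []
    for line, text in parser.comments:
        hit = SENSITIVE.search(text)
        if hit:
            findings.append((line, hit.group(0).lower(), text))
    return findings

# Constructed sample page; the credential is a placeholder.
SAMPLE = """<html>
<body>
<!-- main login form -->
<form method="POST" action="/login">
  <!-- FIXME: test account is admin / EXAMPLE-PLACEHOLDER, remove before release -->
  <input name="user"><input name="pass" type="password">
</form>
</body>
</html>"""

if __name__ == "__main__":
    for line, keyword, text in audit_html(SAMPLE):
        print(f"line {line}: matched '{keyword}': {text}")
```

Only comment nodes are inspected, so the `type="password"` attribute in the sample is not reported; run the check over rendered responses as well as templates, since server-side code can emit comments too.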







Problem 3




Click on LAB: SQL Injection



Click on Stage 1: String SQL Injection



Click on Lesson Plan and read it.



Click on Hint. It is displayed in red.



If you get stuck, click on Solution.



Where it says to use WebScarab, use Tamper Data



Complete this exercise to get your green check mark.


Explain how you solved this problem.



Answer #C: