WebGoat 5.4 Course


Classification: Public

北京知道创宇信息技术有限公司 (Beijing Knownsec Information Technology Co., Ltd.)

2012-9

Revision History

Revised by    Revision        Date        Version   Reviewer
白河·愁       Initial draft   2011.11.8   0.1

Document Information

Document name:
Document number:
Document version:
Distribution scope:
Distribution approver:
Classification:
Document description:

A lesson guide for WebGoat, compiled from material I collected online (mainly Hu Xiaobin's WebGoat 5.2 user guide from July 2011) together with my own understanding; some parts are complete and some only half-finished. Owing to my limited ability, some lessons are not finished, and I hope that anyone interested will study them together and fill in the gaps.

Copyright Notice

May be modified freely.


Contents

1. WebGoat Introduction ...... 1
1.1. Installing WebGoat ...... 1
1.2. Starting WebGoat ...... 1
2. WebGoat Lessons ...... 3
2.1. Introduction ...... 3
2.1.1. How to work with WebGoat ...... 3
2.1.2. How To Configure Tomcat ...... 4
2.1.3. Useful Tools ...... 6
2.1.4. Create A WebGoat Lesson ...... 7
2.2. General ...... 7
2.2.1. HTTP Basics ...... 7
2.2.2. HTTP Splitting ...... 7
2.3. Access Control Flaws ...... 8
2.3.1. Using an Access Control Matrix ...... 8
2.3.2. Bypass a Path Based Access Control Scheme ...... 9
2.3.3. LAB: Role Based Access Control ...... 11
2.4. AJAX Security ...... 14
2.4.1. Same Origin Policy Protection ...... 14
2.4.2. LAB: DOM-Based cross-site scripting ...... 15
2.4.3. LAB: Client Side Filtering ...... 18
2.4.4. DOM Injection ...... 19
2.4.5. XML Injection ...... 20
2.4.6. JSON Injection ...... 23
2.4.7. Silent Transactions Attacks ...... 25
2.4.8. Dangerous Use of Eval ...... 26
2.4.9. Insecure Client Storage ...... 26
2.5. Authentication Flaws ...... 28
2.5.1. Password Strength ...... 28
2.5.2. Forgot Password ...... 29
2.5.3. Basic Authentication ...... 29
2.5.4. Multi Level Login 1 ...... 32
2.5.5. Multi Level Login 2 ...... 34
2.6. Buffer Overflows ...... 35
2.6.1. Off-by-One Overflows ...... 35
2.7. Code Quality ...... 36
2.7.1. Discover Clues in the HTML ...... 36
2.8. Concurrency ...... 36
2.8.1. Thread Safety Problems ...... 36
2.8.2. Shopping Cart Concurrency Flaw ...... 37
2.9. Cross-Site Scripting (XSS) ...... 39
2.9.1. Phishing with XSS ...... 39
2.9.2. LAB: Cross Site Scripting ...... 40
2.9.3. Stored XSS Attacks ...... 41
2.9.4. Reflected XSS Attacks ...... 42
2.9.5. Cross Site Request Forgery (CSRF) ...... 42
2.9.6. CSRF Prompt By-Pass ...... 44
2.9.7. CSRF Token By-Pass ...... 44
2.9.8. HTTPOnly Test ...... 44
2.9.9. Cross Site Tracing (XST) Attacks ...... 45
2.10. Improper Error Handling ...... 46
2.10.1. Fail Open Authentication Scheme ...... 46
2.11. Injection Flaws ...... 47
2.11.1. Command Injection ...... 47
2.11.2. Numeric SQL Injection ...... 48
2.11.3. Log Spoofing ...... 49
2.11.4. XPATH Injection ...... 50
2.11.5. String SQL Injection ...... 51
2.11.6. LAB: SQL Injection ...... 52
2.11.7. Modify Data with SQL Injection ...... 54
2.11.8. Add Data with SQL Injection ...... 54
2.11.9. Database Backdoors ...... 55
2.11.10. Blind Numeric SQL Injection ...... 74
2.12. Denial of Service ...... 74
2.12.1. Denial of Service from Multiple Logins ...... 74
2.13. Insecure Communication ...... 75
2.13.1. Insecure Login ...... 75
2.14. Insecure Configuration ...... 76
2.14.1. Forced Browsing ...... 76
2.15. Insecure Storage ...... 77
2.15.1. Encoding Basics ...... 77
2.16. Malicious Execution ...... 78
2.16.1. Malicious File Execution ...... 78
2.17. Parameter Tampering ...... 79
2.17.1. Bypass HTML Field Restrictions ...... 79
2.17.2. Exploit Hidden Fields ...... 79
2.17.3. Exploit Unchecked Email ...... 79
2.17.4. Bypass Client Side JavaScript Validation ...... 81
2.18. Session Management Flaws ...... 82
2.18.1. Hijack a Session ...... 82
2.18.2. Spoof an Authentication Cookie ...... 82
2.18.3. Session Fixation ...... 84
2.19. Web Services ...... 85