Classification: Public
WebGoat 5.4 Course
Beijing Knownsec Information Technology Co., Ltd.
2012-9
Version Notes
Reviser | Revision | Revision date | Version | Reviewer
白河·愁 | Initial draft | 2011.11.8 | 0.1 |
Document Information
Document name | Document number | Document version | Distribution scope | Distribution approver | Confidentiality level
Document description:
A course guide for WebGoat, compiled from material I collected online (mainly Hu Xiaobin's WebGoat 5.2 user guide from July 2011) together with my own understanding; some parts are complete and some are half-finished. Because of my limited ability, some lessons are not done; I hope people who are interested will study and fill them in together.
Copyright Notice
May be freely modified.
Contents
1. WebGoat Introduction .... 1
  1.1. Installing WebGoat .... 1
  1.2. Starting WebGoat .... 1
2. WebGoat Lessons .... 3
  2.1. Introduction .... 3
    2.1.1. How to work with WebGoat .... 3
    2.1.2. How To Configure Tomcat .... 4
    2.1.3. Useful Tools (tool overview) .... 6
    2.1.4. Create A WebGoat Lesson .... 7
  2.2. General .... 7
    2.2.1. HTTP Basic .... 7
    2.2.2. HTTP Splitting .... 7
  2.3. Access Control Flaws .... 8
    2.3.1. Using an Access Control Matrix .... 8
    2.3.2. Bypass a Path Based Access Control Scheme .... 9
    2.3.3. LAB: Role Based Access Control (role-based access control test) .... 11
  2.4. AJAX Security .... 14
    2.4.1. Same Origin Policy Protection .... 14
    2.4.2. LAB: DOM-Based cross-site scripting .... 15
    2.4.3. LAB: Client Side Filtering .... 18
    2.4.4. DOM Injection .... 19
    2.4.5. XML Injection .... 20
    2.4.6. JSON Injection .... 23
    2.4.7. Silent Transactions Attacks .... 25
    2.4.8. Dangerous Use of Eval .... 26
    2.4.9. Insecure Client Storage .... 26
  2.5. Authentication Flaws .... 28
    2.5.1. Password Strength .... 28
    2.5.2. Forgot Password .... 29
    2.5.3. Basic Authentication .... 29
    2.5.4. Multi Level Login 1 .... 32
    2.5.5. Multi Level Login 2 .... 34
  2.6. Buffer Overflows .... 35
    2.6.1. Off-by-One Overflows .... 35
  2.7. Code Quality .... 36
    2.7.1. Discover Clues in the HTML .... 36
  2.8. Concurrency .... 36
    2.8.1. Thread Safety Problems .... 36
    2.8.2. Shopping Cart Concurrency Flaw .... 37
  2.9. Cross-Site Scripting (XSS) .... 39
    2.9.1. Phishing with XSS .... 39
    2.9.2. LAB: Cross Site Scripting .... 40
    2.9.3. Stored XSS Attacks .... 41
    2.9.4. Reflected XSS Attacks .... 42
    2.9.5. Cross Site Request Forgery (CSRF) .... 42
    2.9.6. CSRF Prompt By-Pass .... 44
    2.9.7. CSRF Token By-Pass .... 44
    2.9.8. HTTPOnly Test .... 44
    2.9.9. Cross Site Tracing (XST) Attacks .... 45
  2.10. Improper Error Handling .... 46
    2.10.1. Fail Open Authentication Scheme .... 46
  2.11. Injection Flaws .... 47
    2.11.1. Command Injection .... 47
    2.11.2. Numeric SQL Injection .... 48
    2.11.3. Log Spoofing .... 49
    2.11.4. XPATH Injection .... 50
    2.11.5. String SQL Injection .... 51
    2.11.6. LAB: SQL Injection .... 52
    2.11.7. Modify Data with SQL Injection .... 54
    2.11.8. Add Data with SQL Injection .... 54
    2.11.9. Database Backdoors .... 55
    2.11.10. Blind Numeric SQL Injection .... 74
  2.12. Denial of Service .... 74
    2.12.1. Denial of Service from Multiple Logins .... 74
  2.13. Insecure Communication .... 75
    2.13.1. Insecure Login .... 75
  2.14. Insecure Configuration .... 76
    2.14.1. Forced Browsing .... 76
  2.15. Insecure Storage .... 77
    2.15.1. Encoding Basics .... 77
  2.16. Malicious Execution .... 78
    2.16.1. Malicious File Execution .... 78
  2.17. Parameter Tampering .... 79
    2.17.1. Bypass HTML Field Restrictions .... 79
    2.17.2. Exploit Hidden Fields .... 79
    2.17.3. Exploit Unchecked Email .... 79
    2.17.4. Bypass Client Side JavaScript Validation .... 81
  2.18. Session Management Flaws .... 82
    2.18.1. Hijack a Session .... 82
    2.18.2. Spoof an Authentication Cookie .... 82
    2.18.3. Session Fixation .... 84
  2.19. Web Services .... 85