CSE 409 Fall 2011 Homework 3

Download, install, and run OWASP WebGoat 5.2 Standard Edition (note this is an older version available from here). Complete the following exercises (5 points each). Turn in the solutions as a succinct description of your attacks, e.g.
  1. Login as "rob" with password "foo"
  2. Click "Order Pizza"
  3. Enter "magic value" into quantity field.
  4. Click "Submit Order"
Due in class on Oct. 31.
  1. Cross Site Scripting (XSS) / LAB: Cross Site Scripting / Stage 1: Stored XSS
  2. Cross Site Scripting (XSS) / LAB: Cross Site Scripting / Stage 5: Reflected XSS
  3. Cross Site Request Forgery (CSRF)
  4. Injection Flaws / LAB: SQL Injection / Stage 1: String SQL Injection
  5. Injection Flaws / LAB: SQL Injection / Stage 3: Numeric SQL Injection