Access Control Flaws [Sept. 16, 2011, 12:15 a.m.]
Lesson
Under “Access Control Flaws” read through the lessons and lesson plans there:
- Using an Access Control Matrix
- Bypass a Path Based Access Control Scheme
Also do “Remote Admin Access” which is about finding vulnerabilities with an admin interface.
Lab
Work through the lab “Role Based Access Control.” Two only work with the developer version of WebGoat. Feel free to skip those if you don’t have that version. Be sure and do “Remote Admin Access” after reading the lesson plan on how to force browser web resources (found under “Lesson Plan”).
Discuss
Briefly discuss your experience this week. Some ideas follow but you don’t have to answer all the questions. Did you learn something interesting? Was there something confusing in the lesson that you had to look up? If so, what was it? Did you have any issues installing the tools? Was it too much or too little work? Anything to add to it to make it better for the next round of students? Anything else you’d like to discuss about this week’s lesson?
A discussion works best when there are at least two people involved so I encourage you to comment on other people’s posts!