exercises.md

HTTP Basics

• http://localhost:8080/WebGoat/start.mvc#lesson/HttpProxies.lesson/5
• http://localhost:8080/WebGoat/start.mvc#lesson/HtmlTampering.lesson/1
• http://localhost:8080/WebGoat/start.mvc#lesson/ClientSideFiltering.lesson/2

SQL injection - 1

• http://localhost:8080/WebGoat/start.mvc#lesson/SqlInjection.lesson/8
• http://localhost:8080/WebGoat/start.mvc#lesson/SqlInjection.lesson/9
• http://localhost:8080/WebGoat/start.mvc#lesson/SqlInjection.lesson/10
• Familiar with SQL injections, try: http://localhost:8080/WebGoat/start.mvc#lesson/SqlInjectionAdvanced.lesson/4 (hint column in database for password is: password)

SQL injection - 2

• http://localhost:8080/WebGoat/start.mvc#lesson/SqlInjectionMitigations.lesson/11

XXE

• http://localhost:8080/WebGoat/start.mvc#lesson/XXE.lesson/3
• Familiar with XXE, try: http://localhost:8080/WebGoat/start.mvc#lesson/XXE.lesson/10