Outline of the authorization lab:
Complete the following exercises from WebGoat and Juice Shop.
In WebGoat, complete the following lessons:
- (A1) Broken Access Control
  - Insecure Direct Object References
  - Missing Function Level Access Control
- Client side
  - Bypass front-end restrictions
  - Client side filtering
  - HTML tampering
In Juice Shop, complete the following challenges:
- Score Board: Find the carefully hidden ‘Score Board’ page.
- Error Handling: Provoke an error that is neither very gracefully nor consistently handled.
- Confidential Document: Access a confidential document.
- Admin Section: Access the administration section of the store.
- Five-Star Feedback: Get rid of all 5-star customer feedback.
- View Basket: View another user’s shopping basket.