Feature/CWE 20

insecureinc/src/main/webapp/cwe20.jsp

@@ -0,0 +1,61 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ page import="inc.insecure.*" %>
+<%@ page import="insecure.inc.Constants" %>
+<%
+String alertVisibility = "hidden";
+String usr = request.getParameter("usr");
+String pwd = request.getParameter("pwd");
+
+if(usr!=null && pwd!=null) { 
+	alertVisibility="";
+	if(usr.equals("demo") && pwd.equals("demo1234")) {
+    request.getSession().setAttribute("cwe20loggedin", true);
+		response.sendRedirect("cwe20loggedin.jsp");
+	}
+}
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Improper Input Validation</title>
+<link rel="stylesheet" href="public/bootstrap/css/bootstrap.min.css">
+<script src="public/jquery.min.js"></script>
+<script src="public/bootstrap/js/bootstrap.min.js"></script>
+
+</head>
+<body>
+<nav class="navbar navbar-inverse">
+  <div class="container-fluid">
+    <div class="navbar-header">
+      <a class="navbar-brand" href="index.jsp">Insecure Inc.</a>
+    </div>
+    <ul class="nav navbar-nav">
+      <li class="active"><a href="#">cwe20 - Improper Input Validation</a></li>
+    </ul>
+  </div>
+</nav>
+<div class="container"> 
+<p>Welcome to cwe20 - Improper Input Validation!</p>
+<p>Your yearly subscription to Insecure Inc. is about to expire. Please login to pay for your next year of subscription.</p>
+<p>You can use the following guest account credentials to login, 
+user: <code>demo</code>, password: <code>demo1234</code> </p>
+<form action="cwe20.jsp" autocomplete="off" method="POST">
+<div class="form-group">
+  <label for="usr">Name:</label>
+  <input type="text" class="form-control" id="usr" name="usr">
+</div>
+<!-- disables autocomplete --><input type="text" style="display:none">
+<div class="form-group">
+  <label for="pwd">Password:</label>
+  <input type="password" class="form-control" id="pwd" name="pwd">
+</div>
+<input type="submit" id="submit" class="btn" value="Submit">
+<br><br>
+<div class="alert alert-danger <%=alertVisibility%>">
+  Invalid credentials!
+</div>
+</form>
+</div>
+</body>
+</html>

insecureinc/src/main/webapp/cwe20loggedin.jsp

@@ -0,0 +1,93 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ page import="inc.insecure.*" %>
+<%@ page import="insecure.inc.Constants" %>
+<%
+
+String alertVisibility = "hidden";
+String error = "";
+String logoutParameter = request.getParameter("logout");
+
+if(logoutParameter!=null){
+  if(logoutParameter.equals("true")){
+    response.sendRedirect("cwe20.jsp?loggedin=false");	
+  }
+}
+
+if(session == null || session.getAttribute("cwe20loggedin") == null || !(boolean)session.getAttribute("cwe20loggedin")) {
+	response.sendRedirect("cwe20.jsp?loggedin=false");
+}
+else {
+  String cost = request.getParameter("cost");
+  int costParsed = 0;
+
+  try {
+    costParsed = Integer.parseInt(cost);
+  } catch (Exception e) {
+    cost = null;
+  }
+
+  if(cost != null) {
+    alertVisibility = "";
+
+    if(costParsed == 0) {
+      error = "The subscription amount cannot be zero!";
+    } else if (costParsed > 0) {
+      error = "Subscription was renewed!";
+    } else {
+      session.setAttribute(Constants.CHALLENGE_ID,"cwe20");
+      response.sendRedirect(Constants.SECRET_PAGE);
+    }
+  }
+}
+
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Guest</title>
+<link rel="stylesheet" href="public/bootstrap/css/bootstrap.min.css">
+<script src="public/jquery.min.js"></script>
+<script src="public/bootstrap/js/bootstrap.min.js"></script>
+
+</head>
+<body>
+<nav class="navbar navbar-inverse">
+  <div class="container-fluid">
+    <div class="navbar-header">
+      <a class="navbar-brand" href="index.jsp">Insecure Inc.</a>
+    </div>
+    <ul class="nav navbar-nav">
+      <li class="active"><a href="#">Guest</a></li>
+    </ul>
+
+    <ul class="nav navbar-nav navbar-right">
+        <li><a href="cwe20loggedin.jsp?logout=true"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>
+    </ul>
+
+  </div>
+</nav>
+<div class="container"> 
+<h1>Time to renew your subscription for Insecure Inc.</h1>
+<p>Select your payment method and purchase your next year of service</p>
+<form action="cwe20loggedin.jsp" autocomplete="off" method="POST">
+    <div class="form-group">
+      <label for="payment">Payment Method:</label>
+      <select name="payment" id="payment">
+        <option value="1" selected>Visa card ending *2356</option>
+      </select>
+      <input type="hidden" class="form-control" id="cost" name="cost" value="60">
+    </div>
+    <input type="submit" id="submit" class="btn" value="Submit">
+    <br>
+    <br>
+    After submitting your renewal, you will see a charge of $60 on your statement under "Insecure Inc."
+    <br>
+    <br>
+    <div class="alert alert-danger <%=alertVisibility%>">
+      <%=error%>
+    </div>
+    </form>
+</div>
+</body>
+</html>

insecureinc/src/main/webapp/index.jsp

@@ -67,6 +67,7 @@ body {
                     	  <li><a href="cwe209.jsp">Generation of Error Message Containing Sensitive Information</a></li>
                     	  <li><a href="cwe94.jsp">Improper Control of Generation of Code ('Code Injection')</a></li>
                           <li><a href="cwe347.jsp">Improper Verification of Cryptographic Signature</a></li>
+                          <li><a href="cwe20.jsp">Improper Input Validation</a></li>
 		          <li><a href="cwe307.jsp">Improper Restriction of Excessive Authentication Attempts</a></li>
 		          <li><a href="cwe190.jsp">Integer Overflow or Wraparound</a></li>
 		          <li><a href="cwe494.jsp">Download of Code Without Integrity Check</a></li>

trainingportal/static/lessons/blackBelt/cwe20.md

@@ -0,0 +1,6 @@
+The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Improper Input Validation'. Given that this CWE is broad and covers many different underlying attacks, the focus of this challenge will be in logical operations.
+
+> *"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."*
+> - From MITRE [CWE 20](https://cwe.mitre.org/data/definitions/20.html) 
+
+The developer of the vulnerable application has implemented a subscription page for users to renew subscription to the service. The developer has not considered all possibilities that should be validated with the untrusted data coming from the user. Find a way to renew the subscription without paying any money.

trainingportal/static/lessons/blackBelt/cwe20.sol.md

@@ -0,0 +1,12 @@
+### Solution for "Improper Input Validation" challenge
+
+Systems that accept data from the user should perform all possible data validations for the given context that the data will be used in, and reject the data if it does not conform to the expectations of the data format. Just a few examples include:
+
+- Ensuring data that should represent a number is only comprised of numeric characters and is greater than or equal to zero if the number is expected to be positive
+- Ensuring data that should only be a certain length or within a certain range of values conforms to that expectation
+- Ensuring reasonableness of data, like it does not really make sense that a user is requesting 1,000,000,000,000 units of a product
+
+To pass this challenge: 
+
+- Inspect the HTML of the form; the goal is to find values that can be tampered with
+- Submit the form with values such that a subscription renewal will occur without the system deducting a payment 

trainingportal/static/lessons/blackBelt/definitions.json

@@ -71,6 +71,15 @@
                 "playLink":"/cwe22.jsp",
                 "description": "cwe22.html",
                 "codeBlockIds":["indirectObjectReferences","inputAllowListing","principleOfLeastPrivilege"]
+            },
+            {
+                "id":"cwe20",
+                "name":"Improper Input Validation", 
+                "description": "cwe20.md",
+                "attackGram":"improperinputvalidation.png",
+                "solution":"cwe20.sol.md",
+                "playLink":"/cwe20.jsp",
+                "codeBlockIds":["serverSideValidation","inputAllowListing"]
             }
         ]
     },

trainingportal/static/lessons/modules.json

@@ -31,7 +31,7 @@
         "name":"Black Belt",
         "summary":"Common software security flaws - part 2",
         "description":"Lessons are entry level difficulty aimed at introducing the concepts of vulnerability, exploit and software defense.",
-        "description2":"Includes 13 lessons. Estimated duration 2 hours.",
+        "description2":"Includes 14 lessons. Estimated duration 2 hours.",
         "badgeInfo":{
             "line1":"Secure Coding",
             "line2":"Black Belt",
@@ -67,7 +67,7 @@
     "redTeam":{
         "name":"Red Team",
         "summary":"Pen-testing tools and techniques",
-        "description":"Learn about scanning, exploitation and persistance. Leverage vulnerabilities found in a cloud container application and perform lateral movement to cloud account resources.",
+        "description":"Learn about scanning, exploitation and persistence. Leverage vulnerabilities found in a cloud container application and perform lateral movement to cloud account resources.",
         "requiredModules":["blackBelt"]
     },
     "blueTeam":{