Email from Boris Grginčić
I've been looking at WebGoat-6.0.1 a bit and noticed a problem with the introduction description of the lessons: Cross Site Request Forgery (CSRF) and CSRF Prompt By-Pass
In Webgoat 5.4 the following sentences were true, however in 6.0 you changed the menu functionality so they are not correct:
"You can copy the shortcut from the left hand menu by right clicking on the left hand menu and choosing copy shortcut."
All menu links when copied point to: http://host/WebGoat/start.mvc
I guess the new sentence should be along the lines:
"*To get the URL of the current lesson you need a local proxy like OWASP ZAP to intercept the HTTP request. *"