Start Webgoat as you did before, so you can see the WebGoat main page in a Web Browser.
On the left of the WebGoat window, click "Injection Flaws".
In the "Injection Flaws" section, click the fifth item, labelled "String SQL Injection", as shown below.
Note: Don't click the "Stage 1: String SQL Injection" link. That lesson requires a proxy and is beyond the scope of this course.
Click the Lesson Plan button. A box opens explaining the purpose of this lesson. Read it. Then click the gray "Close this window" text at the bottom of the box.
Do the exercise. If you get stuck, use the Hints button or the "Solution Videos" button.
When you complete the lesson, you will see a green check mark on the left side of the page, as shown below.
Modify Data with SQL Injection
Add Data with SQL Injection
When you complete the lessons, you will see three green check marks on the left side of the page, as shown below.
Save this image with a filename of Proj_12_from_Your_Name.
Email the image to firstname.lastname@example.org with a subject of "Project 12 from YOUR NAME".