Feature/CWE 798 #136

Merged
merged 3 commits into from
Jan 6, 2024

timmyteo
Contributor

@paul-ion let me know your thoughts on this new yellow belt challenge. You mentioned this could be a good addition. I am happy to make any changes that make sense. In particular, I am wondering:

  • Do you think the HTML page description (not the solution markdown) needs a hint like: "A .jar file is an archive/collection of other files"?
  • Does the attack gram look good or is there a better representation for this CWE?
  • I edited the attack gram PowerPoint with LibreOffice, so hoping that doesn't mess up formatting of existing slides when viewed in Microsoft PowerPoint
  • Do you think the code block associated with this challenge is accurate?
  • Is the location of the validate.jar file in the website structure a good place, or is there a better place it should live, being a static file that needs to be available for download?
  • Should the .java and .properties files which compose the contents of the validate.jar file be stored somewhere in this repository, in case the challenge needs updates in the future? Presently I am not including them in this pull request.
  • Should a question be added to the final quiz in relation to this new challenge?

@paul-ion
Collaborator

Thank you for the PR, @timmyteo. It looks great!

We don't have a code block for Hard-Coded Credentials but I think the one you used is the closest. It does speak about changing credentials across environments which implies that hardcoded creds should not be used.

As far as placing the script file, it can go in the /resources/ folder next to the .c files used for the memory challenges.

Thanks again for your contributions! I really appreciate your interest in the project.

@timmyteo
Contributor Author

Thanks @paul-ion, I added the .jar supporting files to the resources folder.

@paul-ion paul-ion merged commit 6dba519 into OWASP:main Jan 6, 2024
2 checks passed
@paul-ion
Collaborator

paul-ion commented Jan 6, 2024

Many thanks @timmyteo!

@timmyteo timmyteo deleted the feature/cwe-798 branch February 3, 2024 17:22