dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding introduction to WebGoat as the web interface opens with WebWolf which is confusing because people thought you needed to download WebWolf and start it directly. Feedback received during workshops

Browse Source
This commit is contained in:
Nanne Baars 2017-11-02 14:28:20 +01:00
parent 8729d9bfcf
commit 87a7521dcd
11 changed files with 125 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-lessons/pom.xml
View File

@ -27,6 +27,7 @@
<module>xxe</module> <module>xxe</module>
<module>idor</module> <module>idor</module>
<module>vulnerable-components</module> <module>vulnerable-components</module>
<module>webgoat-introduction</module>
<module>webwolf-introduction</module> <module>webwolf-introduction</module>
<module>auth-bypass</module> <module>auth-bypass</module>
<module>missing-function-ac</module> <module>missing-function-ac</module>

11
webgoat-lessons/webgoat-introduction/pom.xml Normal file
View File

@ -0,0 +1,11 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>webgoat-introduction</artifactId>
<packaging>jar</packaging>
<parent>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>webgoat-lessons-parent</artifactId>
<version>8.0.0.M2</version>
</parent>
</project>

11
webgoat-lessons/webgoat-introduction/pom.xml.versionsBackup Normal file
View File

@ -0,0 +1,11 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>webwolf-introduction</artifactId>
<packaging>jar</packaging>
<parent>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>webgoat-lessons-parent</artifactId>
<version>8.0-SNAPSHOT</version>
</parent>
</project>

63
webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/plugin/WebGoatIntroduction.java Normal file
View File

@ -0,0 +1,63 @@
package org.owasp.webgoat.plugin;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import java.util.ArrayList;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since October 12, 2016
*/
public class WebGoatIntroduction extends NewLesson {
@Override
public Category getDefaultCategory() {
return Category.INTRODUCTION;
}
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "webgoat.title";
}
@Override
public String getId() {
return "WebGoatIntroduction";
}
}

8
webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html Normal file
View File

@ -0,0 +1,8 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Introduction.adoc"></div>
</div>
</html>

1
webgoat-lessons/webgoat-introduction/src/main/resources/i18n/WebGoatLabels.properties Normal file
View File

@ -0,0 +1 @@
webgoat.title=WebGoat

BIN
webgoat-lessons/webgoat-introduction/src/main/resources/images/wg_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB

21
webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en/Introduction.adoc Normal file
View File

@ -0,0 +1,21 @@
== Introducing WebGoat
---
What is WebGoat?
WebGoat is a deliberately insecure application that allows interested developers just like you to _test vulnerabilities_
commonly found in Java-based applications that use common and popular open source components.
Now, while we in no way condone causing intentional harm to any animal, goat or otherwise, we think learning everything
you can about security vulnerabilities is essential to understanding just what happens when even a small bit of
unintended code gets into your applications.
What better way to do that than with your very own scapegoat?
Feel free to do what you will with Hack. Poke, prod and if it makes you feel better, scare him until your hearts content.
Go ahead, and Hack the goat. We promise he likes it.
Thanks for your interest!
*The WebGoat Team*

2
webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html
View File

@ -2,7 +2,7 @@
<html xmlns:th="http://www.thymeleaf.org"> <html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Introduction.adoc"></div> <div class="adoc-content" th:replace="doc:IntroductionWebWolf.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">

3
webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/Introduction.adoc → webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
View File

@ -1,5 +1,8 @@
== Introducing WebWolf == Introducing WebWolf
NOTE: You only need WebWolf if you a lesson specifies you can use it. For a lot of lessons you use WebGoat without
starting WebWolf.
WebWolf is a separate web application which simulates an attackers machine. It makes it possible for us to WebWolf is a separate web application which simulates an attackers machine. It makes it possible for us to
make a clear distinction between what takes place on the attacked website and the actions you need to do as make a clear distinction between what takes place on the attacked website and the actions you need to do as
an "attacker". WebWolf was introduced after a couple of workshops where we received feedback about the fact there an "attacker". WebWolf was introduced after a couple of workshops where we received feedback about the fact there

5
webgoat-server/pom.xml
View File

@ -174,6 +174,11 @@
<artifactId>auth-bypass</artifactId> <artifactId>auth-bypass</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>webgoat-introduction</artifactId>
<version>${project.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.owasp.webgoat.lesson</groupId> <groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>webwolf-introduction</artifactId> <artifactId>webwolf-introduction</artifactId>