dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

owasp top10-2021 (#1235)

Browse Source
This commit is contained in:
René Zubcevic 2022-04-11 21:12:41 +02:00 committed by GitHub
parent 02c3f9551f
commit b32240f96b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 36 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/main/java/org/owasp/webgoat/container/lessons/Category.java
View File

@ -39,36 +39,19 @@ public enum Category {
INTRODUCTION("Introduction", 5),
GENERAL("General", 100),
INJECTION("(A1) Injection", 300),
AUTHENTICATION("(A2) Broken Authentication", 302),
INSECURE_COMMUNICATION("(A3) Sensitive Data Exposure", 303),
XXE("(A4) XML External Entities (XXE)", 304),
ACCESS_CONTROL("(A5) Broken Access Control", 305),
A1("(A1) Broken Access Control", 301),
A2("(A2) Cryptographic Failures", 302),
A3("(A3) Injection", 303),
XSS("(A7) Cross-Site Scripting (XSS)", 307),
INSECURE_DESERIALIZATION("(A8) Insecure Deserialization", 308),
VULNERABLE_COMPONENTS("(A9) Vulnerable Components", 309),
SESSION_MANAGEMENT("(A10) Session Management Flaws", 310),
A5("(A5) Security Misconfiguration", 305),
A6("(A6) Vuln & Outdated Components", 306),
A7("(A7) Identity & Auth Failure", 307),
A8("(A8) Software & Data Integrity", 308),
A9("(A9) Security Logging Failures", 309),
A10("(A10) Server-side Request Forgery", 310),
REQUEST_FORGERIES("(A8:2013) Request Forgeries", 318),
REQ_FORGERIES("Request Forgeries", 450),
INSECURE_CONFIGURATION("Insecure Configuration", 600),
INSECURE_STORAGE("Insecure Storage", 800),
AJAX_SECURITY("AJAX Security", 1000),
BUFFER_OVERFLOW("Buffer Overflows", 1100),
CODE_QUALITY("Code Quality", 1200),
CONCURRENCY("Concurrency", 1300),
ERROR_HANDLING("Improper Error Handling", 1400),
DOS("Denial of Service", 1500),
MALICIOUS_EXECUTION("Malicious Execution", 1600),
CLIENT_SIDE("Client side", 1700),
WEB_SERVICES("Web Services", 1900),
ADMIN_FUNCTIONS("Admin Functions", 2000),
CHALLENGE("Challenges", 3000);
@Getter

2
src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
View File

@ -31,7 +31,7 @@ public class AuthBypass extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
return Category.A7;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class Cryptography extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
return Category.A2;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
View File

@ -33,7 +33,7 @@ import org.springframework.stereotype.Component;
public class CSRF extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES;
return Category.A10;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
View File

@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
public class InsecureDeserialization extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INSECURE_DESERIALIZATION;
return Category.A8;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
View File

@ -38,7 +38,7 @@ public class HijackSession extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.SESSION_MANAGEMENT;
return Category.A1;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
View File

@ -38,7 +38,7 @@ public class IDOR extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.ACCESS_CONTROL;
return Category.A1;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
View File

@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
public class InsecureLogin extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INSECURE_COMMUNICATION;
return Category.A7;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
View File

@ -35,7 +35,7 @@ public class JWT extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
return Category.A7;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
View File

@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
public class LogSpoofing extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INSECURE_CONFIGURATION;
return Category.A9;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
View File

@ -34,7 +34,7 @@ public class MissingFunctionAC extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.ACCESS_CONTROL;
return Category.A1;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class PasswordReset extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
return Category.A7;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
View File

@ -31,7 +31,7 @@ public class PathTraversal extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
View File

@ -35,7 +35,7 @@ public class SecurePasswords extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
return Category.A7;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
View File

@ -37,7 +37,7 @@ public class SpoofCookie extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.SESSION_MANAGEMENT;
return Category.A1;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class SqlInjectionAdvanced extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class SqlInjection extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class SqlInjectionMitigations extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
View File

@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
public class SSRF extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES;
return Category.A10;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class VulnerableComponents extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.VULNERABLE_COMPONENTS;
return Category.A6;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
View File

@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
public class CrossSiteScripting extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
View File

@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
public class CrossSiteScriptingMitigation extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
View File

@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
public class CrossSiteScriptingStored extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
return Category.A3;
}
@Override

2
src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
View File

@ -31,7 +31,7 @@ public class XXE extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XXE;
return Category.A5;
}
@Override

4
src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java
View File

@ -77,7 +77,7 @@ public class LessonMenuServiceTest {
when(l2.getTitle()).thenReturn("AA");
when(lessonTracker.isLessonSolved()).thenReturn(false);
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.A1));
when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
@ -93,7 +93,7 @@ public class LessonMenuServiceTest {
when(l1.getTitle()).thenReturn("ZA");
when(lessonTracker.isLessonSolved()).thenReturn(true);
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.A1));
when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);

2
src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java
View File

@ -20,7 +20,7 @@ class UserTrackerRepositoryTest {
@Override
public Category getDefaultCategory() {
return Category.AJAX_SECURITY;
return Category.CLIENT_SIDE;
}
@Override

2
src/test/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLessonTest.java
View File

@ -26,8 +26,6 @@ import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.StreamException;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.owasp.webgoat.lessons.vulnerable_components.Contact;
import org.owasp.webgoat.lessons.vulnerable_components.ContactImpl;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;