dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,679 Commits 11 Branches 78 Tags
Commit Graph

704 Commits

Author SHA1 Message Date
Nanne Baars
e169650ebc Update documentation 2021-12-15 17:47:12 +01:00
Nanne Baars
2589aa3fa4 Update documentation 2021-12-15 17:46:58 +01:00
Nanne Baars
51c007c545 Update documentation 2021-12-15 17:46:46 +01:00
Nanne Baars
5089c107ba Update documentation 2021-12-15 17:46:35 +01:00
Nanne Baars
69a93f30d2 update documentation 2021-12-15 17:46:24 +01:00
Nanne Baars
0658fcefcd update documentation 2021-12-15 17:46:03 +01:00
Nanne Baars
d41d21b2e6 Update the documentation 2021-12-15 17:45:52 +01:00
Àngel Ollé Blázquez
939f860ddd renamed spoof-cookie form 2021-12-08 19:37:10 +01:00
Nanne Baars
d496c929b3 Use variables to check WebWolf host and port 
WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.

Resolves: #1055
 2021-11-23 13:22:08 +01:00
Nanne Baars
f8dda37027 Rename properties 
Rename `webwolf.url.*` to `webwolf.*.url` making it easier to move to a configuration class as no nested property is necessary
 2021-11-23 13:22:08 +01:00
Àngel Ollé Blázquez
dd2e9f074d Hijack Session Lesson 2021-11-19 13:07:49 +01:00
Nanne Baars
fc6b0f28df Add endpoint for the JavaScript to post to 
The JavaScript posts to a random endpoint resulting in a HTTP/405 we now post to an existing endpoint.

Resolves: #1142
 2021-11-16 16:34:14 +01:00
Nanne Baars
f13632578d Fix layout of assignment and remove duplicate feedback 
Resolves: #1143
 2021-11-16 16:34:02 +01:00
Nanne Baars
b23b428763 Fix spelling/grammar 
Resolves: #1143
 2021-11-16 16:34:02 +01:00
Nanne Baars
32a41debad Fix spelling/grammar and reference to ZAP 2.8.0 
Resolves: #1141
 2021-11-16 16:33:48 +01:00
Nanne Baars
fafddda82a Update ZAP instructions 
We reference ZAP 2.8.0 explicitly which is not necessary. Also the way ZAP works changed, we no longer need to change the port as ZAP will report there is a conflict during startup.

Resolves: #1141
 2021-11-16 16:33:48 +01:00
Nanne Baars
5bf33db78f Remove obsolete hints 2021-11-16 16:33:36 +01:00
Nanne Baars
20d7015dff Move unit test to JUnit 5 2021-11-16 16:33:36 +01:00
Nanne Baars
2fbc52e6a2 Remove some unused code 2021-11-16 16:33:36 +01:00
Nanne Baars
ab0433bb67 Fix link and typo 
The link pointed to the old OWASP website. Also fixed some typos here and there

Resolves: #1136
 2021-11-16 16:33:10 +01:00
Nanne Baars
f2f7f36a6d Fix typo in hints 
The hints for JWT used `jwt` instead of `JWT` which makes it difficult to solve the lesson as the hint actually points someone in the wrong direction.

Resolves: #123
 2021-11-16 16:32:57 +01:00
Nanne Baars
3ad51e6d6b Rewrite lesson to be self-contained and not depend on the core of WebGoat for fetching users 
Split the assignment into 2 assignments
 2021-11-16 16:32:43 +01:00
Nanne Baars
2bd6b36210 Fix layout assignment 2 2021-11-16 16:32:43 +01:00
Nanne Baars
bcaf4485c2 Move css to lesson itself 2021-11-16 16:32:43 +01:00
Nanne Baars
cd2e1c1c09 Fix spelling issues 2021-11-16 16:32:43 +01:00
Nanne Baars
c7e04cef97 Add logging to pom.xml 2021-11-16 16:24:45 +01:00
Jeroen Willemsen
fa2769cb25 Updating poms 2021-11-16 16:24:45 +01:00
Jeroen Willemsen
1a64fcd8d4 Recommit logging lesson as PR got a lot of conflicts 2021-11-16 16:24:45 +01:00
Nanne Baars
ff67ee6484
Update to correct version 2021-10-04 14:40:19 +02:00
Nanne Baars
a7b9954d0f 1101: fix quoting in statement 2021-10-02 17:39:26 +02:00
Àngel Ollé Blázquez
dfa0e1cdca XSS Lesson one boolean response 
Signed-off-by: Àngel Ollé Blázquez <angel@olleb.com>
 2021-10-02 01:09:52 +02:00
Nanne Baars
14a6efedf3 Add extra documentation for using the correct algorithm but removing the signature. 2021-09-29 15:21:09 +02:00
Àngel Ollé Blázquez
362248a065 Fix token signature validation 2021-09-29 13:51:17 +02:00
Nanne Baars
04d1293a33
#1045: Run build with Java 16 2021-09-23 16:09:28 +02:00
Àngel Ollé Blázquez
8e567b0f86 Spoofing an Authentication Cookie lesson 2021-09-23 15:51:17 +02:00
Nanne Baars
42369816c9
1026 (#1047) 
* Move back to Java 15 as XML parsers fail with XXE lesson

* Documentation improvement
 2021-09-17 13:46:58 +02:00
Nanne Baars
7ec6826abc #1031: Fix lesson 
- Hints not shown
- Add more hints
- Incorrect grant statement in lesson as example (removed it)
 2021-09-05 14:32:55 +02:00
Nanne Baars
a14e84d5c5 #1039: Fix token 
Replace `name` with `user` and add `admin`
 2021-09-05 13:07:56 +02:00
dependabot[bot]
14ab2faeaf Bump jsoup in /webgoat-lessons/cross-site-scripting 
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.13.1 to 1.14.2.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.13.1...jsoup-1.14.2)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-04 16:28:15 +02:00
Nanne Baars
6aaa743302 Fix vulnerable components lesson for Java 16. 2021-09-04 16:08:33 +02:00
Arshan Dabirsiaghi
d566080a79 fix typo 2021-08-14 10:52:16 +02:00
Nanne Baars
60bd04b9aa
Move to snapshot version 2021-07-29 11:13:16 +03:00
Nanne Baars
a641a19615
Add zip slip to path traversal lesson 2021-05-23 21:18:56 +02:00
Nanne Baars
81c551552b
Fix layout issue image 2021-05-23 20:11:23 +02:00
Nanne Baars
69a370f438
New release, updating pom.xml 2021-05-23 20:11:23 +02:00
René Zubcevic
a53ba0af5c
Fix for accidentally disabled integration tests (#997) 
* drop column is no longer required due to better db seperation
'

* integration test fix with BeforeAll
 2021-05-19 18:20:31 +02:00
Nanne Baars
a1071e9c00
Fix return type of asciidoctor macro implementation. 2021-04-23 15:11:56 +02:00
unknown
38f1d52bf3 Corrected typos and poor grammar found in the SQL Injection lessons. 2021-04-16 13:29:01 +02:00
Nanne Baars
e49f5d610f #961: Give each user its own schema for the lessons 
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
 2021-04-16 13:28:07 +02:00
Nanne Baars
d0f36f5227
Fix failing XXE test 2021-04-03 22:31:27 +02:00