3044 Commits

Author SHA1 Message Date
rogan.dawes
8e1fb2caa3 added console debugging line
git-svn-id: http://webgoat.googlecode.com/svn/trunk@249 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:56 +00:00
rogan.dawes
2bb4df8ef1 added console debugging line
git-svn-id: http://webgoat.googlecode.com/svn/trunk@248 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:43 +00:00
rogan.dawes
ebfcd02a9f updating AJAX lesson plans
git-svn-id: http://webgoat.googlecode.com/svn/trunk@247 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:27 +00:00
rogan.dawes
a84d0e951d making ajax improvements
Also convert SQL server file from Unix to DOS line endings


git-svn-id: http://webgoat.googlecode.com/svn/trunk@246 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:09 +00:00
rogan.dawes
a8c87e0704 Move the SQL Server instructions into a single file
Previously, the solution to this lesson involved a complex
set of operations, loading assemblies, creating functions, etc

Now that that is all done during the set up phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@245 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:46 +00:00
rogan.dawes
1621a39e35 Provide an example of how to override the default setting using environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@244 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:30 +00:00
rogan.dawes
12554493cd Change the default Oracle password back to webgoat (no _)
No good reason to change it actually.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@243 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:27 +00:00
rogan.dawes
71330946f4 Make it possible to override WebGoat context settings via environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@242 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:17 +00:00
rogan.dawes
c31ef90a3d Allow overriding of the WebGoat context setting via environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@241 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:06 +00:00
rogan.dawes
36b32849df Add support for MS SQL Server in the DB Labs
git-svn-id: http://webgoat.googlecode.com/svn/trunk@240 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:52 +00:00
rogan.dawes
900a222316 Change the default webgoat password
Add an underscore to the password to allow us to keep the same
password across multiple platforms, including those that enforce
password quality (e.g. SQL Server)


git-svn-id: http://webgoat.googlecode.com/svn/trunk@239 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:21 +00:00
rogan.dawes
cb2a3784b6 Change DBSQLInjection lesson to count the matched rows
This is an improvement over expecting the stored proc
to throw an exception, and is more portable


git-svn-id: http://webgoat.googlecode.com/svn/trunk@238 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:13 +00:00
rogan.dawes
0149a699a3 minor bug fixes.
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@237 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:12:44 +00:00
rogan.dawes
1ce614f733 Merge with major changes made by Aspect
Several new lessons added


git-svn-id: http://webgoat.googlecode.com/svn/trunk@236 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:12:31 +00:00
rogan.dawes
137b7c813c several minor bug fixes.
UpdateProfile uses prepared statements.
ReflectedXSS "code" input field vulnerable to XSS.
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@235 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:50 +00:00
rogan.dawes
6c9c53b938 Remove some unused imports
git-svn-id: http://webgoat.googlecode.com/svn/trunk@234 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:27 +00:00
rogan.dawes
c3cee22113 Fix database connection handling.
Oracle requires us to close our connections after each
request (or else implement a connection pool), otherwise
we will end up running out of available connections.

While the mechanism for doing this was added in a previous
change, actually using it correctly was omitted somehow.
Fix that now.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@233 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:12 +00:00
rogan.dawes
aab0125c50 Synchronize access to the DatabaseUtilities core methods
git-svn-id: http://webgoat.googlecode.com/svn/trunk@232 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:39 +00:00
rogan.dawes
531991f26d Replace the "Stage n" text in the instructions
Since we now use a link in the menu to choose a stage, rather than the
drop down, we need the Stage number to be visible


git-svn-id: http://webgoat.googlecode.com/svn/trunk@231 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:29 +00:00
rogan.dawes
8b21a7785e Update the DB lessons
git-svn-id: http://webgoat.googlecode.com/svn/trunk@230 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:10 +00:00
rogan.dawes
d9cf56268e Fix line endings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@229 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:49 +00:00
rogan.dawes
427832411c Fix line endings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@228 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:41 +00:00
rogan.dawes
5457faf9a3 Add Rogan Dawes to the challenge screen as a contributor
git-svn-id: http://webgoat.googlecode.com/svn/trunk@227 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:33 +00:00
rogan.dawes
647c0c4a34 Allow accessing Web Services when WebGoat is on a non-standard port
git-svn-id: http://webgoat.googlecode.com/svn/trunk@226 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:27 +00:00
rogan.dawes
64ce7068c4 Move the Thread Safety lesson into the Concurrency category
git-svn-id: http://webgoat.googlecode.com/svn/trunk@225 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:13 +00:00
rogan.dawes
92072f3921 Update the Challenge Stage 2 to be more realistic
git-svn-id: http://webgoat.googlecode.com/svn/trunk@224 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:00 +00:00
rogan.dawes
af8e61eb9f Change the line endings on the instructions
git-svn-id: http://webgoat.googlecode.com/svn/trunk@223 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:08:48 +00:00
rogan.dawes
2fd09c3084 Add a new Concurrency lesson
Created by Ryan Knell @Aspect Security


git-svn-id: http://webgoat.googlecode.com/svn/trunk@222 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:08:45 +00:00
mayhew64
3b128c8ebb Removed space from path information
git-svn-id: http://webgoat.googlecode.com/svn/trunk@221 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-09 19:50:49 +00:00
mayhew64
84ca966ce5 Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with an OnClick function, corrected authorship in several files
git-svn-id: http://webgoat.googlecode.com/svn/trunk@220 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-09 13:28:07 +00:00
mayhew64
3645564018 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@219 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-08 12:53:09 +00:00
mayhew64
d92c716ff4 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@218 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-08 12:51:13 +00:00
mayhew64
23e7fe1f4f Build cleanup in order to create a complete developer distribution. More menu cleanup
git-svn-id: http://webgoat.googlecode.com/svn/trunk@217 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-03 21:09:17 +00:00
mayhew64
f6e0cb7ed0 Don't know what these are?
git-svn-id: http://webgoat.googlecode.com/svn/trunk@216 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-03 21:06:52 +00:00
mayhew64
822ce10ca2 5.1 RC2 build updates
git-svn-id: http://webgoat.googlecode.com/svn/trunk@215 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-02 14:05:58 +00:00
mayhew64
c1f55215a8 Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@214 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-02 13:48:19 +00:00
mayhew64
ee0bc82bec Single platform build.xml
Modified Lesson banners
Solutions guide and framework

git-svn-id: http://webgoat.googlecode.com/svn/trunk@213 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-10-08 20:37:43 +00:00
rogan.dawes
a9fe7e6099 Implement non-coding modes for the labs
git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:57:57 +00:00
rogan.dawes
f62eb33c4b Commit Dave's fixes
git-svn-id: http://webgoat.googlecode.com/svn/trunk@210 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:57:17 +00:00
rogan.dawes
d9979e46ed Another place where we need to compare without case
git-svn-id: http://webgoat.googlecode.com/svn/trunk@209 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:51 +00:00
rogan.dawes
b67bb702d2 Fix more places where the email address was hard-coded
git-svn-id: http://webgoat.googlecode.com/svn/trunk@208 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:35 +00:00
rogan.dawes
6de7bd9ec9 Fix the feedback address in other places
git-svn-id: http://webgoat.googlecode.com/svn/trunk@207 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:06 +00:00
rogan.dawes
d65f5bfd85 Make the stages not right aligned
git-svn-id: http://webgoat.googlecode.com/svn/trunk@206 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:55:57 +00:00
rogan.dawes
7fd112bc5d Update Random Access Lessons to not include the stage number in the text
We add the stage number programmatically now, since we want to be able
to skip some stages.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@205 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:55:49 +00:00
rogan.dawes
add34a24dc Make the test for the Auth header name case-insensitive
git-svn-id: http://webgoat.googlecode.com/svn/trunk@204 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:55:18 +00:00
rogan.dawes
043c0e5926 Remove Microsoft quotes
git-svn-id: http://webgoat.googlecode.com/svn/trunk@203 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:37:58 +00:00
rogan.dawes
fb76b4916f Unify web.xml files. Also update the webgoat contact email address
git-svn-id: http://webgoat.googlecode.com/svn/trunk@202 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:37:42 +00:00
rogan.dawes
f9b5f8eddf Show completion of individual lesson stages
git-svn-id: http://webgoat.googlecode.com/svn/trunk@201 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:37:31 +00:00
rogan.dawes
a2f99be11a Remove unnecessary setMessage() calls
git-svn-id: http://webgoat.googlecode.com/svn/trunk@200 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:37:24 +00:00
rogan.dawes
f831487fa2 Add descriptions to the stages
git-svn-id: http://webgoat.googlecode.com/svn/trunk@199 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:36:42 +00:00