59076fc9ef
adjusted WebWolfMacro
2019-12-23 17:08:33 +01:00
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
f7b794bf68
Race condition in counting number of attempts #567 ( #697 )
...
Add version to Hibernate mapping so we get optimistic locking this solves
number of parallel calls trying to update/guess and mess with the lesson
counter
2019-11-03 18:14:15 +01:00
1a83e2825e
Code style ( #696 )
...
* Remove Guava dependency from WebGoat
* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
710adfae20
Upgrade to latest Spring Boot version
2019-10-30 08:28:14 +01:00
689e3de7a4
Final changes for splitting SQL WebGoat and lessons
2019-10-30 08:28:14 +01:00
25dae3a4a8
Fix merge request
2019-10-30 08:28:14 +01:00
1f00d461a8
cleaned logs and changed username length for csrf-uuid
2019-10-15 13:59:18 +02:00
8d7142e6d3
upgrade ascii doc with support for link in new tab
2019-10-15 13:55:34 +02:00
663224d06a
xxe path info ( #670 )
...
* xxe path info aid added
* xxe path info aid added
* changes to template file and hints
* added ssl test support for XXE
* added ssl test support for XXE
* restconfig replaced by httpsrelaxed
* processed review comments on hints and example
2019-10-02 09:59:32 +02:00
0319c477b1
XSS lesson completion fixes ( #669 )
...
* XSS lesson completion fixes
* removed log all
* lesson progress capable of deprecated assignments in the database
* fixed unit test for lesson progress
2019-09-29 14:46:18 +02:00
d080b3ef06
Review comment
2019-09-24 07:36:49 +02:00
261f947777
Fix
2019-09-20 17:45:33 +02:00
c8ef848657
Fix
2019-09-20 17:36:15 +02:00
6fe5831f11
FIx?
2019-09-20 16:46:26 +02:00
cf00454f8b
Testing issue
2019-09-20 08:30:07 +02:00
e8d086ac9b
All successful
2019-09-20 07:59:04 +02:00
82ad0a7cc7
Finally working
2019-09-18 17:53:43 +02:00
dceb375d5e
WIP
2019-09-13 18:57:40 +02:00
361249c666
First attempt at moving to Spring Boot 2
2019-09-12 17:22:03 +02:00
2283f945a9
Fix failing configuration
2019-08-25 17:53:36 +02:00
ff530e926e
Use separate project for integration tests so we can start WebGoat and WebWolf
2019-08-25 17:43:14 +02:00
f0d1555a09
Fixed #45 - multiple tracker for one user fixed
2019-08-21 23:38:27 +02:00
e61c943f97
#601 bug: username is case sensitive, but email in general is not
...
Opted for completing remove support for uppercase letters in username
this way we never come across issued with casing in WebGoat
2019-07-28 20:48:20 +02:00
ae674b9297
Merge pull request #620 from zubcevic/july2019-bugfixes
...
increased sql form fields and fixed chrome progress
2019-07-25 08:39:34 +02:00
216b29fca2
Clean up in pom files
2019-07-24 20:37:32 +02:00
ea38973068
UTF-8 config added for ThymeLeaf
2019-07-22 08:21:34 +02:00
63a1097466
owasp categories
2019-07-14 12:38:11 +02:00
e57c9d05b6
added checkbox and corrected fall back for the other labels
2019-04-21 14:10:01 +02:00
b02a01d35e
squash
2019-03-26 08:43:38 +01:00
6d974b5fa8
Fixed lesson sorting issue
2019-03-26 08:43:38 +01:00
1bcddaf710
Reworked and polished assignment 8 and 9 (C and I)
2019-03-26 08:43:38 +01:00
6fe7582dfb
Added an assignment for compromising availability to the sql injections (introduction).
...
WIP
2019-03-26 08:43:38 +01:00
75b1895122
Added a new lessons for sql injections on "Compromising confidentiality with String SQL Injection"
2019-03-26 08:43:38 +01:00
6e36cc1ea4
removed unnecessary interceptors
2019-03-26 08:37:47 +01:00
1c2648e0a9
disable the fallback to the system locale to fix unit test and establish the desired behaviour
2019-03-26 08:37:47 +01:00
ed490a5ecf
Fix for #545
...
Introduced new macro to make a clear distinction between /WebWolf with
context root and without.
2019-01-16 11:07:30 +01:00
844808bfa7
Merge pull request #485 from matthias-g/fixSQLInjection
...
Fix sql injection
2018-06-13 18:41:05 -06:00
1d2575a211
Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476
2018-06-13 11:38:33 +02:00
56fc983414
Update database layout so that proposed solution works
2018-06-12 17:40:28 +02:00
fc2c99bcb4
Limit the username to letters and digits only
2018-05-29 16:16:52 +02:00
60ef35e241
Working lesson
2018-05-23 14:28:19 +02:00
9d7886d572
More JWT work
2018-05-23 14:28:19 +02:00
ea9c1a453d
Initial version for JWT
2018-05-23 14:28:19 +02:00
84860e65f6
Insecure Deserialization exercise
2018-05-23 13:58:03 +02:00
8050a2b56d
XXE lesson not showing correct link for WebWolf
2018-05-01 21:54:28 +02:00
e4ca0c4836
Make report working again
2018-04-27 19:26:01 +02:00
e422da4c64
Polling for lesson updates (updates the menu and page navigation)
2018-04-27 18:50:13 +02:00
245ba2c3d1
Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson.
2018-04-24 20:44:05 +02:00
672d78eebc
Resource bundle in UTF-8
2018-04-23 16:12:50 +02:00
