dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,293 Commits 11 Branches 78 Tags
035c8662d414d9b380899f2c335d180c8a8b4dac
Commit Graph

25 Commits

Author SHA1 Message Date
Nanne Baars
f7b794bf68 Race condition in counting number of attempts #567 (#697) 
Add version to Hibernate mapping so we get optimistic locking this solves
number of parallel calls trying to update/guess and mess with the lesson
counter
 2019-11-03 18:14:15 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Rene Zubcevic
1f00d461a8 cleaned logs and changed username length for csrf-uuid 2019-10-15 13:59:18 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00
TortugaAttack
f0d1555a09 Fixed #45 - multiple tracker for one user fixed 2019-08-21 23:38:27 +02:00
Nanne Baars
e61c943f97 #601 bug: username is case sensitive, but email in general is not 
Opted for completing remove support for uppercase letters in username
this way we never come across issued with casing in WebGoat
 2019-07-28 20:48:20 +02:00
Matthias Grundmann
1d2575a211 Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476 2018-06-13 11:38:33 +02:00
Nanne Baars
fc2c99bcb4 Limit the username to letters and digits only 2018-05-29 16:16:52 +02:00
Nanne Baars
8050a2b56d XXE lesson not showing correct link for WebWolf 2018-05-01 21:54:28 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
nbaars
ee11381a63 Fixed database issue mappings 2018-01-21 17:13:28 +01:00
nbaars
a6b9235711 SQL Error '-104' in XSS Lesson Page 7 #416 2018-01-10 12:48:45 +01:00
nbaars
c6e86861fe Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. 2017-12-29 22:12:21 +01:00
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
b0f66f16fb initial plumb of scoreboard 2017-05-02 22:24:31 -04:00
Nanne Baars
a134b25213 Scoreboard now returns the flags captured (title) 2017-05-02 02:45:35 +02:00
Nanne Baars
eb7a6bd2be Creating endpoint for the scoreboard 2017-05-02 02:29:47 +02:00
Nanne Baars
ebf2f9d864 wip 2017-04-15 11:37:43 +02:00
Nanne Baars
fbf2d1b422 Added validation to detect duplicate users during registration 2017-04-08 08:30:14 +02:00
Nanne Baars
9833637abf Fixed exception while logging in with unknown user 2017-03-23 21:46:21 +01:00
Nanne Baars
259fd19c1b - Introduced user registration 
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
 2017-03-22 11:35:14 +01:00