055578893d
feat: improve MFAC lesson hint texts for a better user experience ( #1424 )
2023-08-27 02:08:52 +02:00
7b81247dd1
fix: HijackSession lesson template deprecated Tymeleaf attribute
2023-08-26 02:57:50 +02:00
3bc2e57c9c
Fix NPE in IDOR lesson
2023-08-26 02:22:33 +02:00
c3ec168d59
Add new assignment IT tests
2023-08-26 01:30:17 +02:00
a67fbf5a5a
fix: XSS mitigation
2023-08-26 01:30:17 +02:00
3365c8d447
Remove wrong files
2023-08-25 22:50:40 +02:00
368c046779
fix: Stored Cross-Site Scripting Lesson
2023-08-25 20:55:26 +02:00
786cabd251
Make webjar dependencies version agnostic
2023-08-24 16:43:28 +02:00
4ba818533c
fix: WebWolf JWT jquery webjar
2023-08-09 01:32:03 +02:00
a9b1fd66b8
feat: implement JWT jku example ( #1552 )
...
Closes #1539
2023-08-08 17:18:22 +02:00
61de52840f
chore: bump com.diffplug.spotless:spotless-maven-plugin from 2.33.0 to 2.38.0 ( #1535 )
...
* chore: bump com.diffplug.spotless:spotless-maven-plugin
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless ) from 2.33.0 to 2.38.0.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md )
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.33.0...lib/2.38.0 )
---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: format code
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <nanne.baars@owasp.org >
2023-07-30 15:10:31 +02:00
ad00119b0d
Add Assignment7 Tests
2023-07-18 00:38:23 +02:00
25f49537e7
bug: Fix IDOR lesson
2023-07-16 17:14:27 +02:00
8ec718c1ef
format
2023-06-15 19:26:33 +02:00
1df7ca61a3
Text content improvement
2023-06-15 19:26:33 +02:00
75398feca0
Add hints
2023-06-15 19:26:33 +02:00
ca886b4818
feat: upgrade to Spring Boot version 3 ( #1477 )
2023-06-04 11:19:47 +02:00
ac6de9d788
Fix typo of HijackSession_content0.adoc
2023-04-17 09:04:15 +02:00
cbf2e153d9
Restrict SSRF Regexes
2023-03-08 23:22:38 +01:00
e50986a098
fix: challenge 7 ( #1433 )
2023-02-22 22:55:48 +01:00
5dbe2eaf19
refactor: update challenge code
...
- Flags are now wired through a Spring config
- Introduced Flag class
- Removed Flags from the FlagController
2023-02-22 11:01:34 +01:00
ecfc321f14
feature: Add extra feedback once someone solves JWT refresh lesson differently
...
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
2023-02-16 20:32:27 +00:00
73b8c431fc
chore: use constructor instead of field dependency injection
2023-02-16 20:32:27 +00:00
693771220c
fix: change url in JavaScript for JWT endpoint
...
The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
2023-02-16 12:24:02 +00:00
075b1ab30a
Fix WebWolf JWT tool
2023-02-15 22:40:24 +00:00
390ff39f19
chore: format src/test/it as well
2023-02-15 19:01:06 +00:00
3ec34b0df5
fix: challenge test fails sometimes when calling scoreboard endpoint
2023-02-15 19:01:06 +00:00
ae081ce319
Add fileserver location (test)
2023-02-15 12:00:54 +00:00
bd398e4c09
#1396 Fix templates path for views
2023-02-15 11:58:49 +00:00
323daae578
Vulnerable components only work in a Docker container
2023-01-05 20:51:15 +01:00
3901814363
Fix documentation link for XXE mitigation.
2023-01-05 19:00:12 +01:00
59bfd7c6d4
Move XXE to A05 - Security Misconfiguration
2023-01-05 19:00:12 +01:00
dca415099f
Remove unused JavaScript function
2023-01-05 11:33:00 +01:00
54e115aff0
Update the solution with WebWolf URLs
...
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
2023-01-05 11:02:45 +01:00
fcaa2d8589
Fix zip slip lesson.
...
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
2023-01-05 11:02:45 +01:00
9666597164
- Add reference to the WebWolf icon in the top right corner.
...
- Format all text of the lesson
2023-01-04 08:07:51 +01:00
d2a1546dff
Apply formatting
...
This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style.
2023-01-04 08:07:23 +01:00
b03777d39b
Support boolean when parsing the token.
...
When the admin json element passes as a `boolean`:
```
{
"admin": true
}
```
the parsing is now successful.
2023-01-04 07:43:18 +01:00
32468ff90b
Add sql lesson ( #1370 )
2023-01-04 07:42:29 +01:00
71ec36102f
Fix typo
2022-12-01 21:34:19 +01:00
8db9ff30be
Fixed incorrect word
...
while "wear" and "were" have similar pronunciation, one of them is better here than the other :)
2022-11-29 18:55:44 +01:00
b51be74cab
typofix
2022-11-28 17:10:14 +01:00
96c2595ad0
Update interface name to exploit
...
The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact
2022-09-21 22:32:16 +02:00
34f5b79249
isReadable works inside a container, isFile not ( #1334 )
2022-09-12 09:02:07 +02:00
f5e4d4717a
FixTypo - Fix typo in various lesson documentations
2022-08-30 22:21:22 +02:00
50f932b02e
Renamed to webwolfintroduction
2022-07-31 22:39:21 +02:00
251167c6b0
Renamed to webgoatintroduction
2022-07-31 22:39:21 +02:00
256c1dd3aa
Renamed to vulnerablecomponents
2022-07-31 22:39:21 +02:00
b93c935d6c
Renamed to sqlinjection
2022-07-31 22:39:21 +02:00
827a9d3467
Renamed to securepasswords
2022-07-31 22:39:21 +02:00
