b156d81535 
					 
					
						
						
							
							Initial cut on CSRF. More to come  
						
						
						
						
					 
					
						2017-10-11 20:06:57 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5033c3661a 
					 
					
						
						
							
							Cleaning up test case logging  
						
						
						
						
					 
					
						2017-10-08 02:07:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6cb526aa43 
					 
					
						
						
							
							Maven build generates too much output for Travis CI  
						
						
						
						
					 
					
						2017-10-08 01:58:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						14b188597a 
					 
					
						
						
							
							Maven build generates too much output for Travis CI  
						
						
						
						
					 
					
						2017-10-07 19:27:53 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a982dedb5 
					 
					
						
						
							
							Updated XXE lesson so it also uses WebWolf  
						
						
						
						
					 
					
						2017-10-07 13:46:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						94caba7eb1 
					 
					
						
						
							
							Landing page incoming requests now look whether the referer is WebGoat (all incoming requests from WebGoat will now be logged)  
						
						
						
						
					 
					
						2017-09-13 00:22:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						109fe2c438 
					 
					
						
						
							
							Added WebWolf to Docker  
						
						
						
						
					 
					
						2017-09-12 23:44:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						46c536554c 
					 
					
						
						
							
							- Added new challenges  
						
						
						
						
						- Added new web application called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application 
						
						
					 
					
						2017-09-12 23:12:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						56f19caed6 
					 
					
						
						
							
							#380  Download mongodb while building the Docker image. If you are behind a proxy (or no connection) during the start of WebGoat you might not be able to download the mongodb binary.  
						
						
						
						
					 
					
						2017-08-15 08:15:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6a440a93c0 
					 
					
						
						
							
							Merge pull request  #379  from misfir3/missing-function-level-ac  
						
						
						
						
						Missing function level ac 
						
						
					 
					
						2017-08-09 00:29:31 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ec2ab55749 
					 
					
						
						
							
							fixing test directory structure  
						
						
						
						
					 
					
						2017-08-09 00:24:04 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2463f534b5 
					 
					
						
						
							
							Formatting and bumping file in test dir  
						
						
						
						
					 
					
						2017-08-09 00:19:34 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						51c9363162 
					 
					
						
						
							
							Merge pull request  #378  from misfir3/missing-function-level-ac  
						
						
						
						
						Missing function level ac 
						
						
					 
					
						2017-08-09 00:10:22 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8f740ace73 
					 
					
						
						
							
							additional tests, one fix  
						
						
						
						
					 
					
						2017-08-08 23:56:43 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						476ab415a4 
					 
					
						
						
							
							More tests for AC lesson  
						
						
						
						
					 
					
						2017-08-08 18:47:49 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8d17a1cfd 
					 
					
						
						
							
							Basic endpoint tests added  
						
						
						
						
					 
					
						2017-08-08 18:06:18 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b41751a55c 
					 
					
						
						
							
							missing function level ac working again ... after VM implosion  
						
						
						
						
					 
					
						2017-08-08 17:15:20 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8df1d53471 
					 
					
						
						
							
							interim missing function ac commit, traversing dev. env.  
						
						
						
						
					 
					
						2017-08-08 09:28:09 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						06bf690a3a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-08-02 19:12:29 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10e5edbc36 
					 
					
						
						
							
							temp. removal of offending UT  
						
						
						
						
					 
					
						2017-08-02 19:06:55 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						49621c637f 
					 
					
						
						
							
							Upgraded to latest in memory MongoDB (due to download link no longer working)  
						
						
						
						
					 
					
						2017-07-26 05:07:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0b92a57f77 
					 
					
						
						
							
							WebGoat no longer runs as root in the Docker container.  
						
						
						
						
					 
					
						2017-07-26 05:06:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b06fb72a74 
					 
					
						
						
							
							Fixed typo  
						
						
						
						
					 
					
						2017-07-25 17:41:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1a104f0ab 
					 
					
						
						
							
							merging missing function-level-ac lesson  
						
						
						
						
					 
					
						2017-07-25 09:44:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8186bd4766 
					 
					
						
						
							
							css and xss updates  
						
						
						
						
					 
					
						2017-07-24 18:05:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c44186f986 
					 
					
						
						
							
							start of missing function ac lesson  
						
						
						
						
					 
					
						2017-07-24 16:26:23 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ca4b0c06b5 
					 
					
						
						
							
							lesson css file  
						
						
						
						
					 
					
						2017-07-24 11:34:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c87f75ed18 
					 
					
						
						
							
							Merge pull request  #375  from misfir3/develop  
						
						
						
						
						Minor Updates to Categories and IDOR hints 
						
						
					 
					
						2017-07-19 16:45:38 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fc05a68ef7 
					 
					
						
						
							
							update to IDOR hints  
						
						
						
						
					 
					
						2017-07-19 16:00:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dce962bdeb 
					 
					
						
						
							
							Updating Category ordering, closer to T10  
						
						
						
						
					 
					
						2017-07-19 15:54:50 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a2499c56a 
					 
					
						
						
							
							Update to README.MD ( #372 )  
						
						
						
						
						Providing instructions on how to change listening IP address. 
						
						
					 
					
						2017-07-19 09:55:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e1e4c1d2a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into auth-bypass  
						
						
						
						
					 
					
						2017-07-19 08:58:24 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b57cfd06b1 
					 
					
						
						
							
							Started testing. Having issues, but committing stubs and making ticket to return  
						
						
						
						
					 
					
						2017-07-19 08:56:48 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89bfc3f12d 
					 
					
						
						
							
							fixing image  
						
						
						
						
					 
					
						2017-07-18 17:54:50 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b643728f8 
					 
					
						
						
							
							verify account assignment hints  
						
						
						
						
					 
					
						2017-07-18 17:48:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0cb4faf15f 
					 
					
						
						
							
							refactor to support cleaner scoping && success and failure callbacks  
						
						
						
						
					 
					
						2017-07-18 17:39:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ce7c271bb5 
					 
					
						
						
							
							initial cut on auth-bypass lesson  
						
						
						
						
					 
					
						2017-07-18 15:59:46 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cac1fb17e4 
					 
					
						
						
							
							minor update to getting started file  
						
						
						
						
						Updating Base Class section/description 
						
						
					 
					
						2017-07-12 16:59:13 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf06d645a1 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-07-10 10:18:12 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10481cb63d 
					 
					
						
						
							
							lesson overview updates ( #369 )  
						
						
						
						
						* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:28 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82ef171a50 
					 
					
						
						
							
							XSS Lesson Modifications ( #367 )  
						
						
						
						
						* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fb65534355 
					 
					
						
						
							
							Merging  from 'injection-updates' into local develop branch  
						
						
						
						
					 
					
						2017-07-03 15:22:02 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2e4e4ea716 
					 
					
						
						
							
							including restart lesson fix for lesson overview  
						
						
						
						
					 
					
						2017-07-03 12:37:15 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						daaf361dd2 
					 
					
						
						
							
							Lesson Overview updates  
						
						
						
						
					 
					
						2017-07-03 12:14:01 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						921561cf32 
					 
					
						
						
							
							mitigation content update ... 2  
						
						
						
						
					 
					
						2017-06-27 11:33:39 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ebb851b361 
					 
					
						
						
							
							mitigation content update  
						
						
						
						
					 
					
						2017-06-27 11:28:16 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						296723508b 
					 
					
						
						
							
							IDOR hints updated  
						
						
						
						
					 
					
						2017-06-27 10:26:22 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89e2fc109c 
					 
					
						
						
							
							Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR  
						
						
						
						
					 
					
						2017-06-27 10:24:38 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd18e68660 
					 
					
						
						
							
							merge of upstream, conflict resolution  
						
						
						
						
					 
					
						2017-06-27 08:30:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3a9bb946ed 
					 
					
						
						
							
							update for XXE solutions  
						
						
						
						
					 
					
						2017-06-27 08:27:06 -04:00