0b92a57f77
WebGoat no longer runs as root in the Docker container.
2017-07-26 05:06:40 +02:00

b06fb72a74
Fixed typo
2017-07-25 17:41:37 +02:00

f1a104f0ab
merging missing function-level-ac lesson
2017-07-25 09:44:10 -04:00

8186bd4766
css and xss updates
2017-07-24 18:05:57 -04:00

c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00

ca4b0c06b5
lesson css file
2017-07-24 11:34:10 -04:00

c87f75ed18
Merge pull request #375 from misfir3/develop
Minor Updates to Categories and IDOR hints
2017-07-19 16:45:38 -04:00

fc05a68ef7
update to IDOR hints
2017-07-19 16:00:10 -04:00

dce962bdeb
Updating Category ordering, closer to T10
2017-07-19 15:54:50 -04:00

8a2499c56a
Update to README.MD (#372)
Providing instructions on how to change listening IP address.
2017-07-19 09:55:10 -04:00

9e1e4c1d2a
Merge remote-tracking branch 'upstream/develop' into auth-bypass
2017-07-19 08:58:24 -04:00

b57cfd06b1
Started testing. Having issues, but committing stubs and making ticket to return
2017-07-19 08:56:48 -04:00

89bfc3f12d
fixing image
2017-07-18 17:54:50 -04:00

9b643728f8
verify account assignment hints
2017-07-18 17:48:57 -04:00

0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00

ce7c271bb5
initial cut on auth-bypass lesson
2017-07-18 15:59:46 -04:00

cac1fb17e4
minor update to getting started file
Updating Base Class section/description
2017-07-12 16:59:13 -04:00

bf06d645a1
Merge remote-tracking branch 'upstream/develop' into develop
2017-07-10 10:18:12 -04:00

10481cb63d
lesson overview updates (#369)
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:28 -04:00

82ef171a50
XSS Lesson Modifications (#367)
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00

fb65534355
Merging from 'injection-updates' into local develop branch
2017-07-03 15:22:02 -04:00

2e4e4ea716
including restart lesson fix for lesson overview
2017-07-03 12:37:15 -04:00

daaf361dd2
Lesson Overview updates
2017-07-03 12:14:01 -04:00

921561cf32
mitigation content update ... 2
2017-06-27 11:33:39 -04:00

ebb851b361
mitigation content update
2017-06-27 11:28:16 -04:00

296723508b
IDOR hints updated
2017-06-27 10:26:22 -04:00

89e2fc109c
Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
2017-06-27 10:24:38 -04:00

dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00

3a9bb946ed
update for XXE solutions
2017-06-27 08:27:06 -04:00

3ec5b8708e
clean up of unneeded stuff in pom
2017-06-23 14:46:40 -04:00

ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00

b304dbb552
Changed to develop for coverage
2017-06-20 09:44:12 +02:00

edceba73fe
- Added testcases for bypassing frontend validation.
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00

bf210de013
Added testcase for SQL lesson 6b
2017-06-16 00:33:02 +02:00

e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00

f1fd214580
Added more testcases for the SQL lesson 12
2017-06-15 23:49:03 +02:00

7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00

36ad73c800
Added more mitigations for XXE
2017-06-15 23:36:51 +02:00

e9ad20cb30
Make sure we clean all the files below the .webgoat dir
2017-06-15 19:08:19 +02:00

a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00

ee912f734b
Added SQL injection from challenge to lesson and added content for a blind sql injection
2017-06-15 19:08:19 +02:00

0740c4ba95
Split large SQL lesson
2017-06-15 19:08:19 +02:00

b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00

09d8fef50e
Merge branch 'develop' of github.com:WebGoat/WebGoat into develop
2017-06-12 20:02:30 +02:00

870fa000aa
bypass front-end restrictions (javascript validation)
2017-06-13 10:09:39 +02:00

01421ca822
html restrictions lesson
2017-06-13 10:09:39 +02:00

007cdaa0d8
insecure login lesson
2017-06-13 10:09:39 +02:00

99f75a835c
#359 Fixed
2017-06-12 20:02:21 +02:00

52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00

19a4859e4f
Fix hint not being displayed correctly due to missing escaping
2017-06-12 13:03:14 +02:00