Jason White
264f7e74b6
Minor clean up in assignment endpoint
2017-01-25 14:56:20 -05:00
Jason White
f7ec164601
Adding request intercept assignment
2017-01-25 14:56:20 -05:00
Jason White
ac16342c17
#315 Adding UI handling and corresponding expected elements for html files for decoration. Includes minor refactor
2017-01-25 17:46:31 +01:00
Nanne Baars
0779f7a3d0
Hints per lesson ( #314 )
Squashing and merging ...
* Each assignment should have the options to have its own set of hints #278
* Updating lessons due to changes from #278
* Enable i18n client side #312
* IDOR move hints to assignment and enable i18n #312
2017-01-24 09:34:06 -05:00
Nanne Baars
6d727b98e3
Create IDOR lesson #304
- Fix put mapping
2017-01-18 20:50:37 +01:00
Jason White
4e9b30d7f6
#304 incremental addition for IDOR, still experiencing 400 with PUT method
2017-01-09 14:02:00 -05:00
Jason White
fe4f568fc0
#304 update to IDOR. Still experiencing 400 on EditOwnProfile endpoint
2017-01-06 13:04:03 -05:00
Jason White
0a41b2813d
#304 ... trying to fix prev. commit
2017-01-06 08:06:49 -05:00
Jason White
65eaa934ea
Initial/partial commit of IDOR lesson
2017-01-05 17:30:53 -05:00
Nanne Baars
9c03b6f63b
#276 Automatic lesson summary page
- Basic overview of all the assignments needed to be solved in a lesson
- Clicking on a link will jump to the correct page with the assignment
- Lesson completed also updates lesson overview immediately
2016-12-28 10:14:34 +01:00
Jason White
282073ed2d
Adding ZAP content for HTTP Basics
2016-12-22 16:37:57 -05:00
Mario Zupan
6fa894938b
Issue #275 : Activate Syntax Highlighting with Coderay in Asciidoc templates
2016-12-15 17:37:30 +01:00
Nanne Baars
b8b632905d
Fixing failing unit test
2016-12-08 22:06:21 +01:00
Nanne Baars
1a854a500e
Lesson overview
2016-11-29 20:27:54 +01:00
Jason White
e183c8d8b3
implementing support for dom xss
2016-11-23 17:25:47 -05:00
Nanne Baars
5347311319
XXE last assignment completely working
2016-11-23 17:09:35 +01:00
Nanne Baars
c80bfcbc2f
First checkin for CSRF
(cherry picked from commit a01a767)
2016-11-23 17:09:35 +01:00
Jason White
4940a12d0d
button size fix
2016-11-22 16:25:19 -05:00
mayhew64
32d1009390
Reflected xss working - still have to think how to get the success criteria. Page needs some work though
2016-11-21 23:09:58 -05:00
Bruce Mayhew
edaadecc38
Merge pull request #286 from WebGoat/feature/spring-boot
First draft at XSS
2016-11-21 18:37:53 -05:00
Jason White
2647722842
fixing typo
2016-11-21 13:50:21 -05:00
mayhew64
95607089d4
First draft at XSS
2016-11-21 13:39:43 -05:00
Nanne Baars
f2a114419a
XXE checkin
2016-11-18 10:39:39 +01:00
Nanne Baars
38e5999472
XXE checkin
2016-11-17 17:36:17 +01:00
Nanne Baars
f698a2d6ae
XXE first attempt
2016-11-17 16:27:41 +01:00
Nanne Baars
6d45bbc09c
HTTP-Basics mark lesson complete issue fixed
2016-11-17 15:00:54 +01:00
Jason White
b5fd52e908
refactor to help accommodate multiple attacks and output in one 'page'
2016-11-17 08:06:06 -05:00
mayhew64
507a4cfbdb
few cleanup items, added least privilege
2016-11-16 17:56:29 -05:00
mayhew64
f091e21c60
Fixed test for password
2016-11-16 16:18:22 -05:00
mayhew64
29447a11b4
First wave is complete; some rendering issues
2016-11-16 13:41:51 -05:00
mayhew64
24b2e79dc5
Trying to wire up the DB connection and fill out first sql stub
2016-11-15 22:40:24 -05:00
mayhew64
0285bf96a7
another stub
2016-11-15 19:39:23 -05:00
mayhew64
67adddbffc
Merge branch 'feature/spring-boot' of https://github.com/WebGoat/WebGoat into feature/spring-boot
2016-11-15 19:38:26 -05:00
mayhew64
8b6ad92aea
First round of sql injection with stubs
2016-11-15 19:37:11 -05:00
Nanne Baars
6b9e9db4aa
#272 Fix lesson client side filtering
- Endpoint now returns proper json and no longer uses ecs.
2016-11-15 22:41:59 +01:00
Nanne Baars
640e3ffb4e
mvn clean should also clean lesson jar files added .webgoat directory as well
2016-11-15 18:12:29 +01:00
Nanne Baars
44f5c60e78
#272 Fix lesson client side filtering
2016-11-15 17:38:10 +01:00
mayhew64
00f0ee8942
Fixed imports
2016-11-15 07:26:17 -05:00
mayhew64
dad7bdba92
Merge branch 'feature/spring-boot' of https://github.com/WebGoat/WebGoat into feature/spring-boot
2016-11-15 07:11:43 -05:00
mayhew64
abcc6c4dcb
SQL Injection - it's broken
2016-11-15 07:11:24 -05:00
Nanne Baars
5babe19f2b
Fixed issue with lesson tracking
2016-11-15 09:28:39 +01:00
Nanne Baars
0bec575913
Moving forward cleaning up some unnecessary lesson super classes which we
do not need to support anymore in 8.0:
- Introduced DI throughout the code base
- Removed most superclasses of a lesson
- Hammerhead is now simplified to only one line of code
- Cleaned up WebSession
- Removed code which dealt with user roles, lesson fetching, username etc
- LessonTracker improvements
- Removed almost all code from the Screen class
- Removed ECS from the container project
- Removed administration pages, contained a lot of ECS codes which is much
simpler to just rewrite when necessary
2016-11-06 21:09:47 +01:00
Nanne Baars
89a717bbd2
Clean up and introduced Spring Dev tools to automatically reload classes.
2016-10-30 15:13:32 +01:00
Nanne Baars
b8992bdc0e
Spring Boot reload automatically enabled
2016-10-16 10:38:14 -04:00
Nanne Baars
c72e8df532
Moved lessons to this project.
2016-10-13 12:09:01 -04:00