a11d3d0b1b
- Made movie a little bit shorter because webgoat-server.jar was over 200Mb
...
- Movie was copied and pasted to csrf and auth lesson; removed it from those lessons
- Made jars which are not necessary in the webgoat-server.jar optional
2017-11-02 15:39:49 +01:00
87a7521dcd
Adding introduction to WebGoat as the web interface opens with WebWolf which is confusing because people thought you needed to download WebWolf and start it directly. Feedback received during workshops
2017-11-02 14:28:20 +01:00
8729d9bfcf
Fixed minor issues for properties and starting WebGoat
2017-11-02 12:42:19 +01:00
1ecb43092d
Bumped version number
2017-10-18 19:58:14 +02:00
8250b4048f
Updating version number
2017-10-18 19:43:33 +02:00
3ee1a1ca16
Travis now builds Docker and creates a GitHub release.
...
Removed ActiveMQ between WebGoat and WebWolf; they now act as standalone applications
2017-10-18 10:54:16 +02:00
49c3008fe2
Typo fix for CSRF content
2017-10-13 10:33:38 -06:00
9e66ee177d
Image Cleanup for Http Proxies
2017-10-13 10:13:07 -06:00
f9a43d0961
xss updates
2017-10-13 09:52:19 -06:00
8d488c6ac6
More CSRF Updates
2017-10-13 09:28:41 -06:00
b03a32f92c
update to do CSRF-based comment forging
2017-10-12 18:17:48 -06:00
d0ec84e9a6
Merge remote-tracking branch 'upstream/develop' into develop
2017-10-11 20:29:47 -06:00
b156d81535
Initial cut on CSRF. More to come
2017-10-11 20:06:57 -06:00
5033c3661a
Cleaning up test case logging
2017-10-08 02:07:22 +02:00
8a982dedb5
Updated XXE lesson so it also uses WebWolf
2017-10-07 13:46:34 +02:00
46c536554c
- Added new challenges
...
- Added new web application called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
2017-09-12 23:12:10 +02:00
ec2ab55749
fixing test directory structure
2017-08-09 00:24:04 -06:00
2463f534b5
Formatting and bumping file in test dir
2017-08-09 00:19:34 -06:00
8f740ace73
additional tests, one fix
2017-08-08 23:56:43 -06:00
476ab415a4
More tests for AC lesson
2017-08-08 18:47:49 -06:00
b8d17a1cfd
Basic endpoint tests added
2017-08-08 18:06:18 -06:00
b41751a55c
missing function level ac working again ... after VM implosion
2017-08-08 17:15:20 -06:00
8df1d53471
interim missing function ac commit, traversing dev. env.
2017-08-08 09:28:09 -06:00
06bf690a3a
Merge remote-tracking branch 'upstream/develop' into develop
2017-08-02 19:12:29 -04:00
10e5edbc36
temp. removal of offending UT
2017-08-02 19:06:55 -04:00
b06fb72a74
Fixed typo
2017-07-25 17:41:37 +02:00
f1a104f0ab
merging missing function-level-ac lesson
2017-07-25 09:44:10 -04:00
8186bd4766
css and xss updates
2017-07-24 18:05:57 -04:00
c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
fc05a68ef7
update to IDOR hints
2017-07-19 16:00:10 -04:00
9e1e4c1d2a
Merge remote-tracking branch 'upstream/develop' into auth-bypass
2017-07-19 08:58:24 -04:00
b57cfd06b1
Started testing. Having issues, but committing stubs and making ticket to return
2017-07-19 08:56:48 -04:00
89bfc3f12d
fixing image
2017-07-18 17:54:50 -04:00
9b643728f8
verify account assignment hints
2017-07-18 17:48:57 -04:00
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
ce7c271bb5
initial cut on auth-bypass lesson
2017-07-18 15:59:46 -04:00
cac1fb17e4
minor update to getting started file
...
Updating Base Class section/description
2017-07-12 16:59:13 -04:00
82ef171a50
XSS Lesson Modifications (#367)
...
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00
921561cf32
mitigation content update ... 2
2017-06-27 11:33:39 -04:00
ebb851b361
mitigation content update
2017-06-27 11:28:16 -04:00
296723508b
IDOR hints updated
2017-06-27 10:26:22 -04:00
dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00
3a9bb946ed
update for XXE solutions
2017-06-27 08:27:06 -04:00
3ec5b8708e
clean up of unneeded stuff in pom
2017-06-23 14:46:40 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
edceba73fe
- Added testcases for bypassing frontend validation.
...
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00
bf210de013
Added testcase for SQL lesson 6b
2017-06-16 00:33:02 +02:00
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
f1fd214580
Added more testcases for the SQL lesson 12
2017-06-15 23:49:03 +02:00
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00