dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,353 Commits 11 Branches 78 Tags
Commit Graph

2353 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nanne Baars
2614044918 Fix copying of pictures to WebGoat home directory 2020-04-27 13:07:23 +02:00
Nanne Baars
1aad57ba55 Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Nanne Baars
54610868fe Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Nanne Baars
4831338649 Remove explicit HSQLDB property from WebGoat and use the Spring Boot version 2020-04-27 11:45:41 +02:00
Nanne Baars
3bb7ee46bd Upgrade to Postgres 10 2020-04-27 11:45:41 +02:00
Satoshi SAKAO
1a9ce15e99 fix typo (hint3 will not be shown) 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
9063b4137f fix 404 links 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
d7ae3a4391 fix typo 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
db66c1dd02 fix number of steps 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
608728b135 fix asciidoc italic format 2020-04-27 10:44:39 +02:00
René Zubcevic
88eb4d7b26 ace editor added without all the nonsense around it 2020-04-26 16:45:56 +02:00
René Zubcevic
58bc94d1f6 fix green buttons 2020-04-22 16:37:00 +02:00
René Zubcevic
6f532683a1 lessonplan character updates so it also works on Windows Cp125 2020-04-20 12:54:18 +02:00
Nanne Baars
6b68a12449 Set more conditions for releasing 2020-04-19 15:42:50 +02:00
Nanne Baars
27bf08ad5c Deploy and release on Java 11 2020-04-19 15:42:50 +02:00
Nanne Baars
52b66ed506 Java 12 is EOL so no need to support it 2020-04-19 15:42:50 +02:00
Nanne Baars
a5350060e1 Add dummy extra method with return type AttackResult because every assignment needs at least one such mapping (in the challenges case this is optional but since the challenges are an extra thing and this is the only assignment which has no such method adding a dummy method makes sense) 2020-04-19 15:42:50 +02:00
Nanne Baars
4f649234a9 Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown 2020-04-19 15:42:50 +02:00
Nanne Baars
96412da04e Remove unused imports and parameters 2020-04-19 15:42:50 +02:00
Nanne Baars
0015394582 Fix typo 2020-04-19 15:42:50 +02:00
Nanne Baars
9cb63a7c43 Update to latest surefire plugin otherwise new JUnit 5 test fails 2020-04-19 15:42:50 +02:00
Nanne Baars
561fb1f7f4 Build matrix for building 2020-04-19 15:42:50 +02:00
Nanne Baars
3b7481c2a7 Update method signature 2020-04-19 15:42:50 +02:00
Nanne Baars
f1768bd9a5 small update 2020-04-19 15:42:50 +02:00
Nanne Baars
407e19638f Add two more assignments for SQL injection where only filtering is applied. 2020-04-19 15:42:50 +02:00
Nanne Baars
122cc323f2 Changed the order of explanation of setting up ZAP/Burp a bit (feedback from workshop). This makes the necessary steps more explicit by moving all extra configuration for https etc to the back. So when you follow the lesson you will only setup the minimal and not get confused about things which are only necessary in certain cases 2020-04-19 15:42:50 +02:00
René Zubcevic
9509993a8f
all tests complete for Password Reset (#785) 2020-04-17 15:54:24 +02:00
René Zubcevic
25e66ae412 use of script console in stead of browser address bar 2020-04-17 15:33:26 +02:00
René Zubcevic
089952e9ad quiz fix for CIA, SQL Injection Advanced and XSS + XSS description 
change in alert(document.cookie)
 2020-04-17 15:33:26 +02:00
René Zubcevic
efc5a870a0
Path traversal windows unittest fix (#780) 
* fixes to support windows and linux/unix/mac

* fix in matcher
 2020-04-14 16:13:43 +02:00
René Zubcevic
0638cae6e5
corrected hints and improved error handling base64 (#781) 2020-04-14 16:13:25 +02:00
René Zubcevic
b8abc99faf fix for scoreboard after js refactoring 2020-04-08 12:05:01 +02:00
René Zubcevic
e921fb66a9 actual working version of vulnerable components part 5 2020-04-08 12:05:01 +02:00
René Zubcevic
e25f7a7560 clean up and update js 2020-04-08 12:05:01 +02:00
René Zubcevic
c4ae9ae2ab migrate to JUnit 5 code 2020-04-06 16:02:15 +02:00
René Zubcevic
c4153ecbfb
Maven owasp dep update (#776) 
* add pmd and owasp dependency check through -P owasp profile

* suppress full stack trace in log

* revert to spring 2.2.0 as 2.2.4 failed in travis

* added owasp dependency check maven configuration details to vulenerable
lesson page 7
 2020-04-06 16:01:09 +02:00
Nanne Baars
bb6d06713f Fix failing test 2020-03-10 08:03:48 +01:00
Nanne Baars
14022d88c9 Last assignment now filters out .. and / so encoding plays a role now 2020-03-10 08:03:48 +01:00
Nanne Baars
d4966b5e71 Fix test cases 2020-03-10 08:03:48 +01:00
Nanne Baars
b3840e60e3 Fix lessons 2020-03-10 08:03:48 +01:00
Nanne Baars
3ece45b3d4 Fix for not passing the content-type 2020-03-10 08:03:48 +01:00
Nanne Baars
6b7678fb1d Remove old files 2020-03-10 08:03:48 +01:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
Tiago Mussi
c4c28f544f Fixed CSRF broken links. 2020-03-06 17:15:10 +01:00
René Zubcevic
3b050a856a tested solution with unit test and verfied with lesson 5 on ie 2020-02-28 23:11:29 +01:00
René Zubcevic
71d9c4b61a first steps 2020-02-28 23:11:29 +01:00
René Zubcevic
a8118a14cd add support for status 403 feedback from e.g. ModSecurity/CRS 2020-02-28 23:06:42 +01:00
René Zubcevic
5f3dff4921
added notes on salted hash (#758) 2020-02-27 07:20:58 +01:00
August Detlefsen
208aa42fdb
relax detection regex (#757) 
Allow for content before and after the script; Allow optional semicolon
 2020-02-20 20:00:07 +01:00
Jonathan Thompson
cd3fb8040f
Typo and grammar corrections for the crypto lessons (#756) 
* Correct typos and grammar errors.

* Revert one grammar change
 2020-02-09 08:00:08 +01:00