dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,463 Commits 11 Branches 78 Tags
Commit Graph

36 Commits

Author SHA1 Message Date
Nanne Baars
753a2db958 #846: add extra test to verify whether the solution is solved for the original user as well 2020-11-04 20:35:05 +01:00
René Zubcevic
317573c897
Small fixes june 2020 (#857) 
* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
 2020-07-08 19:26:09 +02:00
Satoshi SAKAO
9063b4137f fix 404 links 2020-04-27 10:44:39 +02:00
René Zubcevic
6f532683a1 lessonplan character updates so it also works on Windows Cp125 2020-04-20 12:54:18 +02:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
Tiago Mussi
c4c28f544f Fixed CSRF broken links. 2020-03-06 17:15:10 +01:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
Nanne Baars
71f2d2968f Fix NPE when request does not contain parameter (#739) 2020-01-05 15:14:53 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Rene Zubcevic
6dc679e7b8 final tests and fixed the issue of getting the name of the loggedinuser 2019-10-15 13:59:18 +02:00
Rene Zubcevic
00873cfe3f csrf7 test cases added 2019-10-15 13:59:18 +02:00
Rene Zubcevic
e932253f06 initial test cases added 2019-10-15 13:59:18 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
Nanne Baars
2b01cbcb75 Fixed last tests 2019-09-16 07:43:22 +02:00
Nanne Baars
f774364461 Working unit tests 2019-09-13 20:05:25 +02:00
Nanne Baars
361249c666 First attempt at moving to Spring Boot 2 2019-09-12 17:22:03 +02:00
Matthias Grundmann
139651615e Make lesson csrf-7 stricter (do not allow invalid JSON, e.g. trailing =) 2019-08-22 17:44:52 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
Matthias Grundmann
97f66545e0
In CSRF-3 use POST instead of GET to prevent solving the assignment just by opening the URL in a new tab 2019-07-12 17:25:58 +02:00
Matthias Grundmann
c7da546249 Improve text for lesson about CSRF login 2018-06-16 17:52:18 +02:00
misfir3
701a99cf8f
Merge pull request #487 from matthias-g/xssFixes 
Small lesson improvements
 2018-06-13 18:42:14 -06:00
Matthias Grundmann
e5ec2c1ee0
Fix html attribute 2018-06-13 17:56:57 +02:00
Matthias Grundmann
3b9b695ef1 Check host header instead of origin which might not be present #475 2018-06-13 11:38:33 +02:00
Nanne Baars
1edceb0aa8 Extended and fixed some lessons 2018-05-27 20:37:44 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
miig
5d28ef9fbe small fix for CSRF content type lesson descrption 2018-05-02 22:10:06 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Jason White
49c3008fe2 Typo fix for CSRF content 2017-10-13 10:33:38 -06:00
Jason White
8d488c6ac6 More CSRF Updates 2017-10-13 09:28:41 -06:00
Jason White
b03a32f92c update to do CSRF-based comment forging 2017-10-12 18:17:48 -06:00
Jason White
b156d81535 Initial cut on CSRF. More to come 2017-10-11 20:06:57 -06:00
Jason White
ac16342c17 #315 Adding UI handling and corresponding expected elements for html files for decoration. Inlucdes minor refactor 2017-01-25 17:46:31 +01:00
Nanne Baars
c80bfcbc2f First checkin for CSRF 
(cherry picked from commit a01a767)
 2016-11-23 17:09:35 +01:00