dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
217 Commits 11 Branches 78 Tags
Commit Graph

217 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
rogan.dawes
2fd09c3084 Add a new Concurrency lesson 
Created by Ryan Knell @Aspect Security


git-svn-id: http://webgoat.googlecode.com/svn/trunk@222 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:08:45 +00:00
mayhew64
3b128c8ebb Removed space from path information 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@221 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-09 19:50:49 +00:00
mayhew64
84ca966ce5 Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with a OnClick function, corrected authorship in several files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@220 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-09 13:28:07 +00:00
mayhew64
3645564018 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@219 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-08 12:53:09 +00:00
mayhew64
d92c716ff4 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@218 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-08 12:51:13 +00:00
mayhew64
23e7fe1f4f Build cleanup in order to create a complete developer distribution. More menu cleanup 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@217 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-03 21:09:17 +00:00
mayhew64
f6e0cb7ed0 Don't know what these are? 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@216 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-03 21:06:52 +00:00
mayhew64
822ce10ca2 5.1 RC2 build updates 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@215 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-02 14:05:58 +00:00
mayhew64
c1f55215a8 Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@214 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-02 13:48:19 +00:00
mayhew64
ee0bc82bec Single platform build.xml 
Modified Lesson banners
Solutions guide and framework

git-svn-id: http://webgoat.googlecode.com/svn/trunk@213 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-10-08 20:37:43 +00:00
rogan.dawes
a9fe7e6099 Implement non-coding modes for the labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:57:57 +00:00
rogan.dawes
f62eb33c4b Commit Dave's fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@210 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:57:17 +00:00
rogan.dawes
d9979e46ed Another place where we need to compare without case 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@209 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:56:51 +00:00
rogan.dawes
b67bb702d2 Fix more places where the email address was hard-coded 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@208 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:56:35 +00:00
rogan.dawes
6de7bd9ec9 Fix the feedback address in other places 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@207 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:56:06 +00:00
rogan.dawes
d65f5bfd85 Make the stages not right aligned 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@206 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:55:57 +00:00
rogan.dawes
7fd112bc5d Update Random Access Lessons to not include the stage number in the text 
We add the stage number programmatically now, since we want to be able
to skip some stages.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@205 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:55:49 +00:00
rogan.dawes
add34a24dc Make the test for the Auth header name case-insensitive 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@204 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:55:18 +00:00
rogan.dawes
043c0e5926 Remove Microsoft quotes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@203 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:58 +00:00
rogan.dawes
fb76b4916f Unify web.xml files. Also update the webgoat contact email address 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@202 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:42 +00:00
rogan.dawes
f9b5f8eddf Show completion of individual lesson stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@201 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:31 +00:00
rogan.dawes
a2f99be11a Remove unnecessary setMessage() calls 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@200 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:24 +00:00
rogan.dawes
f831487fa2 Add descriptions to the stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@199 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:42 +00:00
rogan.dawes
002dbbf53c Point the windows config file to use the HSQLDB database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@198 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:11 +00:00
rogan.dawes
5fd4b44303 Fix line endings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@197 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:02 +00:00
rogan.dawes
c65faceb1a A recent change to AbstractLesson.getLink() broke visit tracking 
Fix the lesson tracking to be more specific.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@196 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:42 +00:00
rogan.dawes
c1ddbd078f Correctly specify an in-memory database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@195 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:31 +00:00
rogan.dawes
ee8e9d91bb Mark SequentialLessonAdapter as abstract to prevent instantiation 
Otherwise it shows up as an "Untitled Lesson"


git-svn-id: http://webgoat.googlecode.com/svn/trunk@194 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:22 +00:00
rogan.dawes
0c2e04c655 Remove unused import 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@193 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:06 +00:00
rogan.dawes
7af27f7d1b Make per-user in-memory databases actually work 
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:53 +00:00
rogan.dawes
cf047786f3 An INSERT statement cannot be executed as a query 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@191 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:31 +00:00
rogan.dawes
d04371884b Allow WebGoat to create per-user databases 
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:14 +00:00
rogan.dawes
9d19fa2433 Remove unused code to clean up warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@189 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:33:14 +00:00
rogan.dawes
9e352396d3 Remove warnings by generic'ising users of Collections classes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@188 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:59 +00:00
rogan.dawes
e41a5ca395 Removed unused code that was generating warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@187 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:31 +00:00
rogan.dawes
4a70fdac26 Add automatically generated serialVersionUID to silence warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@186 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:08 +00:00
rogan.dawes
d709ff9506 Fix warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@185 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:42 +00:00
rogan.dawes
9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:11 +00:00
rogan.dawes
e27aaccb45 Make multi-stage lessons show the individual stages in the menu 
While we are about it, make AbstractLesson.getLink() include
the category (i.e. menu), so that the menu selection script
will still work.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@183 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:53 +00:00
rogan.dawes
77ab0c5406 Update stage completion message 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@182 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:33 +00:00
rogan.dawes
84f3b5033d Minor changes to the challenge screen 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@181 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:15 +00:00
rogan.dawes
184eaae260 Update the messages issued when a stage is completed. 
We provide an automatic message on completion, which is easy to override.
Simply call setMessage() AFTER calling setStageComplete().


git-svn-id: http://webgoat.googlecode.com/svn/trunk@180 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:07 +00:00
rogan.dawes
ab0423cb78 Update the stage descriptions and instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@179 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:28:24 +00:00
rogan.dawes
ad7f4aec68 Re-add Aspect credits for various lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@178 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:28:02 +00:00
rogan.dawes
5f5e2e829a The return type fix got lost. 
I don't know how to get back to the point in the SVN history
to fix this so that the build will actually work. I guess
I'd better just apply it here.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@177 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 13:40:01 +00:00
rogan.dawes
47a7619652 Fixes: Make sure procedures are created in the right scope/user 
Also, create the EMPLOYEE table first, since Oracle checks for it


git-svn-id: http://webgoat.googlecode.com/svn/trunk@176 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:41 +00:00
rogan.dawes
afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@175 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:33 +00:00
rogan.dawes
7bb2c087a0 Add lesson plans for the DB labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@174 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:26 +00:00
rogan.dawes
d1fe861a75 Add a DB Cross Site Scripting lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@173 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:13 +00:00
rogan.dawes
73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@172 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:32 +00:00