cb6b1d73d1
upgrade to latest spring-boot libs and fixed related issues
2021-12-20 21:45:44 +01:00
ac4b06f11b
Move enabling security to WebGoat core and add resetting the lessons.
...
We can use it for more lessons and showcase how to apply security directly from the source code.
Resolves : #1176
2021-12-20 16:45:06 +01:00
e169650ebc
Update documentation
2021-12-15 17:47:12 +01:00
2589aa3fa4
Update documentation
2021-12-15 17:46:58 +01:00
51c007c545
Update documentation
2021-12-15 17:46:46 +01:00
5089c107ba
Update documentation
2021-12-15 17:46:35 +01:00
69a93f30d2
update documentation
2021-12-15 17:46:24 +01:00
0658fcefcd
update documentation
2021-12-15 17:46:03 +01:00
d41d21b2e6
Update the documentation
2021-12-15 17:45:52 +01:00
939f860ddd
renamed spoof-cookie form
2021-12-08 19:37:10 +01:00
d496c929b3
Use variables to check WebWolf host and port
...
WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.
Resolves : #1055
2021-11-23 13:22:08 +01:00
f8dda37027
Rename properties
...
Rename `webwolf.url.*` to `webwolf.*.url` making it easier to move to a configuration class as no nested property is necessary
2021-11-23 13:22:08 +01:00
dd2e9f074d
Hijack Session Lesson
2021-11-19 13:07:49 +01:00
fc6b0f28df
Add endpoint for the JavaScript to post to
...
The JavaScript posts to a random endpoint resulting in a HTTP/405 we now post to an existing endpoint.
Resolves : #1142
2021-11-16 16:34:14 +01:00
f13632578d
Fix layout of assignment and remove duplicate feedback
...
Resolves : #1143
2021-11-16 16:34:02 +01:00
b23b428763
Fix spelling/grammar
...
Resolves : #1143
2021-11-16 16:34:02 +01:00
32a41debad
Fix spelling/grammar and reference to ZAP 2.8.0
...
Resolves : #1141
2021-11-16 16:33:48 +01:00
fafddda82a
Update ZAP instructions
...
We reference ZAP 2.8.0 explicitly which is not necessary. Also the way ZAP works changed, we no longer need to change the port as ZAP will report there is a conflict during startup.
Resolves : #1141
2021-11-16 16:33:48 +01:00
5bf33db78f
Remove obsolete hints
2021-11-16 16:33:36 +01:00
20d7015dff
Move unit test to JUnit 5
2021-11-16 16:33:36 +01:00
2fbc52e6a2
Remove some unused code
2021-11-16 16:33:36 +01:00
ab0433bb67
Fix link and typo
...
The link pointed to the old OWASP website. Also fixed some typos here and there
Resolves : #1136
2021-11-16 16:33:10 +01:00
f2f7f36a6d
Fix typo in hints
...
The hints for JWT used `jwt` instead of `JWT` which makes it difficult to solve the lesson as the hint actually points someone in the wrong direction.
Resolves : #123
2021-11-16 16:32:57 +01:00
3ad51e6d6b
Rewrite lesson to be self-contained and not depend on the core of WebGoat for fetching users
...
Split the assignment into 2 assignments
2021-11-16 16:32:43 +01:00
2bd6b36210
Fix layout assignment 2
2021-11-16 16:32:43 +01:00
bcaf4485c2
Move css to lesson itself
2021-11-16 16:32:43 +01:00
cd2e1c1c09
Fix spelling issues
2021-11-16 16:32:43 +01:00
c7e04cef97
Add logging to pom.xml
2021-11-16 16:24:45 +01:00
fa2769cb25
Updating poms
2021-11-16 16:24:45 +01:00
1a64fcd8d4
Recommit logging lesson as PR got a lot of conflicts
2021-11-16 16:24:45 +01:00
ff67ee6484
Update to correct version
2021-10-04 14:40:19 +02:00
a7b9954d0f
1101: fix quoting in statement
2021-10-02 17:39:26 +02:00
dfa0e1cdca
XSS Lesson one boolean response
...
Signed-off-by: Àngel Ollé Blázquez <angel@olleb.com >
2021-10-02 01:09:52 +02:00
14a6efedf3
Add extra documentation for using the correct algorithm but removing the signature.
2021-09-29 15:21:09 +02:00
362248a065
Fix token signature validation
2021-09-29 13:51:17 +02:00
04d1293a33
#1045 : Run build with Java 16
2021-09-23 16:09:28 +02:00
8e567b0f86
Spoofing an Authentication Cookie lesson
2021-09-23 15:51:17 +02:00
42369816c9
1026 ( #1047 )
...
* Move back to Java 15 as XML parsers fail with XXE lesson
* Documentation improvement
2021-09-17 13:46:58 +02:00
7ec6826abc
#1031 : Fix lesson
...
- Hints not shown
- Add more hints
- Incorrect grant statement in lesson as example (removed it)
2021-09-05 14:32:55 +02:00
a14e84d5c5
#1039 : Fix token
...
Replace `name` with `user` and add `admin`
2021-09-05 13:07:56 +02:00
14ab2faeaf
Bump jsoup in /webgoat-lessons/cross-site-scripting
...
Bumps [jsoup](https://github.com/jhy/jsoup ) from 1.13.1 to 1.14.2.
- [Release notes](https://github.com/jhy/jsoup/releases )
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES )
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.13.1...jsoup-1.14.2 )
---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2021-09-04 16:28:15 +02:00
6aaa743302
Fix vulnerable components lesson for Java 16.
2021-09-04 16:08:33 +02:00
d566080a79
fix typo
2021-08-14 10:52:16 +02:00
60bd04b9aa
Move to snapshot version
2021-07-29 11:13:16 +03:00
a641a19615
Add zip slip to path traversal lesson
2021-05-23 21:18:56 +02:00
81c551552b
Fix layout issue image
2021-05-23 20:11:23 +02:00
69a370f438
New release, updating pom.xml
2021-05-23 20:11:23 +02:00
a53ba0af5c
Fix for accidentally disabled integration tests ( #997 )
...
* drop column is no longer required due to better db seperation
'
* integration test fix with BeforeAll
2021-05-19 18:20:31 +02:00
a1071e9c00
Fix return type of asciidoctor macro implementation.
2021-04-23 15:11:56 +02:00
38f1d52bf3
Corrected typos and poor grammar found in the SQL Injection lessons.
2021-04-16 13:29:01 +02:00
