ef6993c636
improving lesson due to issue #845
2020-07-09 19:21:42 +02:00
db9e1c4c4f
first step
2020-07-09 19:21:42 +02:00
317573c897
Small fixes june 2020 ( #857 )
...
* issue 849
* another integration test for a challenge
* fixing issue 848
* updated link for issue 833
* fix for 847
2020-07-08 19:26:09 +02:00
ba8444dd85
Update 1proxysetupsteps.adoc ( #854 )
...
thanks for the fix
2020-07-04 08:00:32 +02:00
219aad0bbc
Correcting incorrect information ( #835 )
...
Thanks for the improvement. Hope you liked the lesson.
2020-06-19 17:00:43 +02:00
98d17433f1
HTML Tampering mitigation: Typo fixes
2020-05-25 09:09:26 +02:00
11a7814626
Dinis Cruz Blog
...
This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724 however the Dinis Cruz Blog remains available through a blogspot.com URL which might be more interesting to reference than an web.archive.org link.
2020-05-25 09:08:55 +02:00
5311db8564
XSS Quiz: Fix 404
...
The original URL was malformed because it contained a closing ) which did not end up in the link. However the corrected link performs a redirect to the link provided in this patch.
2020-05-25 09:08:09 +02:00
ae156a4a0f
Function AC User: Spelling and grammar fixes.
2020-05-25 09:07:31 +02:00
9576c6b9da
Function AC Lesson 1: Spelling and grammar fixes.
2020-05-25 09:07:31 +02:00
6c83457231
Function ac intro: Spelling and grammar update
2020-05-25 09:07:31 +02:00
060851a4a2
IDOR_intro.adoc: Fix 404
...
The closing ')' in the URL was not taken up in the link causing a 404 when clicking the URL.
2020-05-24 09:57:29 +02:00
671691a5ed
XXE_changing_content_type.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
f326755190
XXE_intro.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
99edda6029
XXE_plan.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
717f852680
InsecureLogin_intro.adoc: Typo fix
2020-05-24 09:56:43 +02:00
c42d6b15c3
SecurePasswordsAssignment: Fix output formatting
...
- When solving the solution (entering a correct password) then the 'Score: 4/4' does not start on a new line, instead it is glue to the Estimated cracking time line. As a solution the </br> is added as a suffix on that line (and successive lines).
- Maximum score is 4, not 5 (see also the assignment, and https://github.com/nulab/zxcvbn4j/blob/master/src/main/java/com/nulabinc/zxcvbn/TimeEstimates.java#L23 which is the origin of getScore() )
2020-05-24 09:56:01 +02:00
dfa3242aeb
Delete unused PasswordReset_password_reset_link.adoc
...
Not referenced in webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html, looks like a placeholder/dead code.
2020-05-24 09:39:18 +02:00
23762885fa
PasswordReset_host_header.adoc: Typo fixes
2020-05-24 09:39:18 +02:00
60087e441d
PasswordReset_SecurityQuestions.adoc: Typo fix.
2020-05-24 09:39:18 +02:00
2e8d0dd9b5
PasswordReset_plan.adoc: Spelling fixes
2020-05-24 09:38:25 +02:00
966d7a7aed
JWT_refresh.adoc: Fix spelling issues
2020-05-24 09:37:47 +02:00
39740e069e
New release
2020-05-22 14:10:31 +02:00
5739705d8a
Process review comments
2020-05-22 10:10:42 +02:00
9b72610510
Extend XXE lesson with more content and add solution description
...
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
c4a046bd12
Ch1 less default ( #814 )
...
* random pincode in challenge1
* unit test fix
2020-05-12 08:49:48 +02:00
f520c3589c
flag submission fixed ( #812 )
2020-05-07 11:04:00 +02:00
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests ( #808 )
2020-05-07 08:28:45 +02:00
f4838e1233
add int test for acl
2020-05-01 09:15:29 +02:00
9dea696c4c
added int test for IDOR and fixed green button issue ( #801 )
2020-04-29 12:12:11 +02:00
2398949396
added ace js for java
2020-04-28 09:33:54 +02:00
57c008a697
Fix reading file, added try/catch and added tests
2020-04-28 09:25:39 +02:00
2614044918
Fix copying of pictures to WebGoat home directory
2020-04-27 13:07:23 +02:00
1aad57ba55
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
1a9ce15e99
fix typo (hint3 will not be shown)
2020-04-27 10:44:39 +02:00
9063b4137f
fix 404 links
2020-04-27 10:44:39 +02:00
d7ae3a4391
fix typo
2020-04-27 10:44:39 +02:00
db66c1dd02
fix number of steps
2020-04-27 10:44:39 +02:00
608728b135
fix asciidoc italic format
2020-04-27 10:44:39 +02:00
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
58bc94d1f6
fix green buttons
2020-04-22 16:37:00 +02:00
6f532683a1
lessonplan character updates so it also works on Windows Cp125
2020-04-20 12:54:18 +02:00
a5350060e1
Add dummy extra method with return type AttackResult because every assignment needs at least one such mapping (in the challenges case this is optional but since the challenges are an extra thing and this is the only assignment which has no such method adding a dummy method makes sense)
2020-04-19 15:42:50 +02:00
4f649234a9
Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown
2020-04-19 15:42:50 +02:00
96412da04e
Remove unused imports and parameters
2020-04-19 15:42:50 +02:00
3b7481c2a7
Update method signature
2020-04-19 15:42:50 +02:00
407e19638f
Add two more assignments for SQL injection where only filtering is applied.
2020-04-19 15:42:50 +02:00
122cc323f2
Changed the order of explanation of setting up ZAP/Burp a bit (feedback from workshop). This makes the necessary steps more explicit by moving all extra configuration for https etc to the back. So when you follow the lesson you will only setup the minimal and not get confused about things which are only necessary in certain cases
2020-04-19 15:42:50 +02:00
25e66ae412
use of script console in stead of browser address bar
2020-04-17 15:33:26 +02:00
