8d488c6ac6 
					 
					
						
						
							
							More CSRF Updates  
						
						
						
						
					 
					
						2017-10-13 09:28:41 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b03a32f92c 
					 
					
						
						
							
							update to do CSRF-based comment forging  
						
						
						
						
					 
					
						2017-10-12 18:17:48 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d0ec84e9a6 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-10-11 20:29:47 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b156d81535 
					 
					
						
						
							
							Initial cut on CSRF. More to come  
						
						
						
						
					 
					
						2017-10-11 20:06:57 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5033c3661a 
					 
					
						
						
							
							Cleaning up test case logging  
						
						
						
						
					 
					
						2017-10-08 02:07:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a982dedb5 
					 
					
						
						
							
							Updated XXE lesson so it also uses WebWolf  
						
						
						
						
					 
					
						2017-10-07 13:46:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						46c536554c 
					 
					
						
						
							
							- Added new challenges  
						
						
						
						
- Added new web application called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application 
						
						
					 
					
						2017-09-12 23:12:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ec2ab55749 
					 
					
						
						
							
							fixing test directory structure  
						
						
						
						
					 
					
						2017-08-09 00:24:04 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2463f534b5 
					 
					
						
						
							
							Formatting and bumping file in test dir  
						
						
						
						
					 
					
						2017-08-09 00:19:34 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8f740ace73 
					 
					
						
						
							
							additional tests, one fix  
						
						
						
						
					 
					
						2017-08-08 23:56:43 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						476ab415a4 
					 
					
						
						
							
							More tests for AC lesson  
						
						
						
						
					 
					
						2017-08-08 18:47:49 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8d17a1cfd 
					 
					
						
						
							
							Basic endpoint tests added  
						
						
						
						
					 
					
						2017-08-08 18:06:18 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b41751a55c 
					 
					
						
						
							
							missing function level ac working again ... after VM implosion  
						
						
						
						
					 
					
						2017-08-08 17:15:20 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8df1d53471 
					 
					
						
						
							
							interim missing function ac commit, traversing dev. env.  
						
						
						
						
					 
					
						2017-08-08 09:28:09 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						06bf690a3a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-08-02 19:12:29 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10e5edbc36 
					 
					
						
						
							
							temp. removal of offending UT  
						
						
						
						
					 
					
						2017-08-02 19:06:55 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b06fb72a74 
					 
					
						
						
							
							Fixed typo  
						
						
						
						
					 
					
						2017-07-25 17:41:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1a104f0ab 
					 
					
						
						
							
							merging missing function-level-ac lesson  
						
						
						
						
					 
					
						2017-07-25 09:44:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8186bd4766 
					 
					
						
						
							
							css and xss updates  
						
						
						
						
					 
					
						2017-07-24 18:05:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c44186f986 
					 
					
						
						
							
							start of missing function ac lesson  
						
						
						
						
					 
					
						2017-07-24 16:26:23 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fc05a68ef7 
					 
					
						
						
							
							update to IDOR hints  
						
						
						
						
					 
					
						2017-07-19 16:00:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e1e4c1d2a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into auth-bypass  
						
						
						
						
					 
					
						2017-07-19 08:58:24 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b57cfd06b1 
					 
					
						
						
							
							Started testing. Having issues, but committing stubs and making ticket to return  
						
						
						
						
					 
					
						2017-07-19 08:56:48 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89bfc3f12d 
					 
					
						
						
							
							fixing image  
						
						
						
						
					 
					
						2017-07-18 17:54:50 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b643728f8 
					 
					
						
						
							
							verify account assignment hints  
						
						
						
						
					 
					
						2017-07-18 17:48:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0cb4faf15f 
					 
					
						
						
							
							refactor to support cleaner scoping && success and failure callbacks  
						
						
						
						
					 
					
						2017-07-18 17:39:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ce7c271bb5 
					 
					
						
						
							
							initial cut on auth-bypass lesson  
						
						
						
						
					 
					
						2017-07-18 15:59:46 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cac1fb17e4 
					 
					
						
						
							
							minor update to getting started file  
						
						
						
						
						Updating Base Class section/description 
						
						
					 
					
						2017-07-12 16:59:13 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82ef171a50 
					 
					
						
						
							
							XSS Lesson Modifications (#367)  
						
						
						
						
						* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						921561cf32 
					 
					
						
						
							
							mitigation content update ... 2  
						
						
						
						
					 
					
						2017-06-27 11:33:39 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ebb851b361 
					 
					
						
						
							
							mitigation content update  
						
						
						
						
					 
					
						2017-06-27 11:28:16 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						296723508b 
					 
					
						
						
							
							IDOR hints updated  
						
						
						
						
					 
					
						2017-06-27 10:26:22 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd18e68660 
					 
					
						
						
							
							merge of upstream, conflict resolution  
						
						
						
						
					 
					
						2017-06-27 08:30:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3a9bb946ed 
					 
					
						
						
							
							update for XXE solutions  
						
						
						
						
					 
					
						2017-06-27 08:27:06 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ec5b8708e 
					 
					
						
						
							
							clean up of unneeded stuff in pom  
						
						
						
						
					 
					
						2017-06-23 14:46:40 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ccb4e3813b 
					 
					
						
						
							
							#353 - lesson template/guide  
						
						
						
						
					 
					
						2017-06-23 14:46:09 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						edceba73fe 
					 
					
						
						
							
							- Added testcases for bypassing frontend validation.  
						
						
						
						
						- Improved layout of the lesson
- Fixed JavaScript issues with 'let' 
						
						
					 
					
						2017-06-16 01:16:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf210de013 
					 
					
						
						
							
							Added testcase for SQL lesson 6b  
						
						
						
						
					 
					
						2017-06-16 00:33:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e808abd504 
					 
					
						
						
							
							Added testcase for SQL lesson 6a  
						
						
						
						
					 
					
						2017-06-16 00:23:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1fd214580 
					 
					
						
						
							
							Added more testcases for the SQL lesson 12  
						
						
						
						
					 
					
						2017-06-15 23:49:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7809057208 
					 
					
						
						
							
							Enabled the challenges again to make them visible for everybody who starts WebGoat  
						
						
						
						
					 
					
						2017-06-15 23:38:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						36ad73c800 
					 
					
						
						
							
							Added more mitigations for XXE  
						
						
						
						
					 
					
						2017-06-15 23:36:51 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a484467419 
					 
					
						
						
							
							Adding extra lesson for order by clauses  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ee912f734b 
					 
					
						
						
							
							Added SQL injection from challenge to lesson and added content for a blind SQL injection  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0740c4ba95 
					 
					
						
						
							
							Split large SQL lesson  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b048988d2f 
					 
					
						
						
							
							Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.  
						
						
						
						
						Moved the lessons concerning client side validation to client side category 
						
						
					 
					
						2017-06-13 03:22:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						09d8fef50e 
					 
					
						
						
							
							Merge branch 'develop' of github.com:WebGoat/WebGoat into develop  
						
						
						
						
					 
					
						2017-06-12 20:02:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						870fa000aa 
					 
					
						
						
							
							bypass front-end restrictions (javascript validation)  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						01421ca822 
					 
					
						
						
							
							html restrictions lesson  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						007cdaa0d8 
					 
					
						
						
							
							insecure login lesson  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00