dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,672 Commits 11 Branches 78 Tags
Commit Graph

704 Commits

Author SHA1 Message Date
René Zubcevic
317573c897
Small fixes june 2020 (#857) 
* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
 2020-07-08 19:26:09 +02:00
Roy Stultiens
ba8444dd85
Update 1proxysetupsteps.adoc (#854) 
thanks for the fix
 2020-07-04 08:00:32 +02:00
Mike Robinson
219aad0bbc
Correcting incorrect information (#835) 
Thanks for the improvement. Hope you liked the lesson.
 2020-06-19 17:00:43 +02:00
Elie De Brauwer
98d17433f1 HTML Tampering mitigation: Typo fixes 2020-05-25 09:09:26 +02:00
Elie De Brauwer
11a7814626 Dinis Cruz Blog 
This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724 however the Dinis Cruz Blog remains available through a blogspot.com URL which might be more interesting to reference than an web.archive.org link.
 2020-05-25 09:08:55 +02:00
Elie De Brauwer
5311db8564 XSS Quiz: Fix 404 
The original URL was malformed because it contained a closing ) which did not end up in the link. However the corrected link performs a redirect to the link provided in this patch.
 2020-05-25 09:08:09 +02:00
Elie De Brauwer
ae156a4a0f Function AC User: Spelling and grammar fixes. 2020-05-25 09:07:31 +02:00
Elie De Brauwer
9576c6b9da Function AC Lesson 1: Spelling and grammar fixes. 2020-05-25 09:07:31 +02:00
Elie De Brauwer
6c83457231 Function ac intro: Spelling and grammar update 2020-05-25 09:07:31 +02:00
Elie De Brauwer
060851a4a2 IDOR_intro.adoc: Fix 404 
The closing ')' in the URL was not taken up in the link causing a 404 when clicking the URL.
 2020-05-24 09:57:29 +02:00
Elie De Brauwer
671691a5ed XXE_changing_content_type.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
f326755190 XXE_intro.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
99edda6029 XXE_plan.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
717f852680 InsecureLogin_intro.adoc: Typo fix 2020-05-24 09:56:43 +02:00
Elie De Brauwer
c42d6b15c3 SecurePasswordsAssignment: Fix output formatting 
- When solving the solution (entering a correct password) then the 'Score: 4/4' does not start on a new line, instead it is glue to the Estimated cracking time line. As a solution the </br> is added as a suffix on that line (and successive lines).
- Maximum score is 4, not 5 (see also the assignment, and https://github.com/nulab/zxcvbn4j/blob/master/src/main/java/com/nulabinc/zxcvbn/TimeEstimates.java#L23 which is the origin of getScore() )
 2020-05-24 09:56:01 +02:00
Elie De Brauwer
dfa3242aeb Delete unused PasswordReset_password_reset_link.adoc 
Not referenced in webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html, looks like a placeholder/dead code.
 2020-05-24 09:39:18 +02:00
Elie De Brauwer
23762885fa PasswordReset_host_header.adoc: Typo fixes 2020-05-24 09:39:18 +02:00
Elie De Brauwer
60087e441d PasswordReset_SecurityQuestions.adoc: Typo fix. 2020-05-24 09:39:18 +02:00
Elie De Brauwer
2e8d0dd9b5 PasswordReset_plan.adoc: Spelling fixes 2020-05-24 09:38:25 +02:00
Elie De Brauwer
966d7a7aed JWT_refresh.adoc: Fix spelling issues 2020-05-24 09:37:47 +02:00
Nanne Baars
39740e069e New release 2020-05-22 14:10:31 +02:00
Nanne Baars
5739705d8a Process review comments 2020-05-22 10:10:42 +02:00
Nanne Baars
9b72610510 Extend XXE lesson with more content and add solution description 
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
 2020-05-22 10:10:42 +02:00
René Zubcevic
c4a046bd12
Ch1 less default (#814) 
* random pincode in challenge1

* unit test fix
 2020-05-12 08:49:48 +02:00
René Zubcevic
f520c3589c
flag submission fixed (#812) 2020-05-07 11:04:00 +02:00
René Zubcevic
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests (#808) 2020-05-07 08:28:45 +02:00
René Zubcevic
f4838e1233 add int test for acl 2020-05-01 09:15:29 +02:00
René Zubcevic
9dea696c4c
added int test for IDOR and fixed green button issue (#801) 2020-04-29 12:12:11 +02:00
René Zubcevic
2398949396 added ace js for java 2020-04-28 09:33:54 +02:00
Nanne Baars
57c008a697 Fix reading file, added try/catch and added tests 2020-04-28 09:25:39 +02:00
Nanne Baars
2614044918 Fix copying of pictures to WebGoat home directory 2020-04-27 13:07:23 +02:00
Nanne Baars
1aad57ba55 Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Nanne Baars
54610868fe Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Satoshi SAKAO
1a9ce15e99 fix typo (hint3 will not be shown) 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
9063b4137f fix 404 links 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
d7ae3a4391 fix typo 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
db66c1dd02 fix number of steps 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
608728b135 fix asciidoc italic format 2020-04-27 10:44:39 +02:00
René Zubcevic
88eb4d7b26 ace editor added without all the nonsense around it 2020-04-26 16:45:56 +02:00
René Zubcevic
58bc94d1f6 fix green buttons 2020-04-22 16:37:00 +02:00
René Zubcevic
6f532683a1 lessonplan character updates so it also works on Windows Cp125 2020-04-20 12:54:18 +02:00
Nanne Baars
a5350060e1 Add dummy extra method with return type AttackResult because every assignment needs at least one such mapping (in the challenges case this is optional but since the challenges are an extra thing and this is the only assignment which has no such method adding a dummy method makes sense) 2020-04-19 15:42:50 +02:00
Nanne Baars
4f649234a9 Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown 2020-04-19 15:42:50 +02:00
Nanne Baars
96412da04e Remove unused imports and parameters 2020-04-19 15:42:50 +02:00
Nanne Baars
3b7481c2a7 Update method signature 2020-04-19 15:42:50 +02:00
Nanne Baars
407e19638f Add two more assignments for SQL injection where only filtering is applied. 2020-04-19 15:42:50 +02:00
Nanne Baars
122cc323f2 Changed the order of explanation of setting up ZAP/Burp a bit (feedback from workshop). This makes the necessary steps more explicit by moving all extra configuration for https etc to the back. So when you follow the lesson you will only setup the minimal and not get confused about things which are only necessary in certain cases 2020-04-19 15:42:50 +02:00
René Zubcevic
25e66ae412 use of script console in stead of browser address bar 2020-04-17 15:33:26 +02:00
René Zubcevic
089952e9ad quiz fix for CIA, SQL Injection Advanced and XSS + XSS description 
change in alert(document.cookie)
 2020-04-17 15:33:26 +02:00
René Zubcevic
efc5a870a0
Path traversal windows unittest fix (#780) 
* fixes to support windows and linux/unix/mac

* fix in matcher
 2020-04-14 16:13:43 +02:00