dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,760 Commits 11 Branches 78 Tags
Commit Graph

183 Commits

Author SHA1 Message Date
Nanne Baars
3ee1a1ca16 Travis now builds Docker and create a Github release. 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
 2017-10-18 10:54:16 +02:00
Jason White
d0ec84e9a6 Merge remote-tracking branch 'upstream/develop' into develop 2017-10-11 20:29:47 -06:00
Jason White
b156d81535 Initial cut on CSRF. More to come 2017-10-11 20:06:57 -06:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
c44186f986 start of missing function ac lesson 2017-07-24 16:26:23 -04:00
Jason White
dce962bdeb Updating Category ordering, closer to T10 2017-07-19 15:54:50 -04:00
Jason White
ccb4e3813b #353 - lesson template/guide 2017-06-23 14:46:09 -04:00
Nanne Baars
e9ad20cb30 Make sure we clean all the files below the .webgoat dir 2017-06-15 19:08:19 +02:00
Nanne Baars
a484467419 Adding extra lesson for order by clauses 2017-06-15 19:08:19 +02:00
Nanne Baars
b048988d2f Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page. 
Moved the lessons concerning client side validation to client side category
 2017-06-13 03:22:19 +02:00
Nanne Baars
129e9deba9 Added testcase for SQL injection lesson 2017-05-21 16:40:52 +02:00
Nanne Baars
877de6ebd4 Updated XXE lessons with challenge screens 2017-05-21 12:24:42 +02:00
Nanne Baars
cae937c83e Updated menu item for challenges 2017-05-03 11:51:24 +02:00
Nanne Baars
194a327ad5 Fixed issue when restarting the lesson the menu was not updated (the marker stayed behind) 
Also restarting the lesson was not persisted
 2017-05-03 05:08:00 +02:00
Nanne Baars
454e8d4c14 Solving an assignment twice adds its again which breaks the UI because the endpoint for lessonoverview returns mulitple values for the same assignment. 2017-05-02 04:38:30 +02:00
Jason White
b0f66f16fb initial plumb of scoreboard 2017-05-02 22:24:31 -04:00
Nanne Baars
615ca5afe3 Posting a flag shows a response in the UI (correct or incorrect) 2017-05-02 03:25:31 +02:00
Nanne Baars
a134b25213 Scoreboard now returns the flags captured (title) 2017-05-02 02:45:35 +02:00
Nanne Baars
eb7a6bd2be Creating endpoint for the scoreboard 2017-05-02 02:29:47 +02:00
Nanne Baars
2f72ac4add Merge branch 'develop' into challenge 2017-04-16 08:54:34 +02:00
Nanne Baars
a63bf006d6 Language of the browser not english will crash WebGoat during loading of the asciidoc. This is due to the fact we always presume the lesson plan is available in the browser language. It now falls back to 'en' whenever the lesson cannot be found with the language obtained from the browser. 2017-04-16 07:52:30 +02:00
Nanne Baars
d66db56c86 Added test for LessonMenuService. 2017-04-16 07:28:35 +02:00
Nanne Baars
7054c44c40 Fixed sorting issue with lessons, in particular the challenges need to be ordered so the intro is displayed first 2017-04-16 05:57:40 +02:00
Nanne Baars
3ccfcac8ff Challenge 4 done 2017-04-16 05:14:47 +02:00
Nanne Baars
213e73bf02 Making database for each user (no sharing between each other) 2017-04-15 18:11:55 +02:00
Nanne Baars
6f633a0f78 Added the ability to remove all *.progress files when starting the server (for development). This is sometimes necessary when the internal structure of the lessons change but we still use old progress files. 2017-04-15 14:01:11 +02:00
Nanne Baars
eb13ebc26f Assignments were not grouped per lesson in the same package 2017-04-15 13:59:57 +02:00
Nanne Baars
ec338326ea Separating challenges 2017-04-15 11:37:43 +02:00
Nanne Baars
ebf2f9d864 wip 2017-04-15 11:37:43 +02:00
Nanne Baars
fbf2d1b422 Added validation to detect duplicate users during registration 2017-04-08 08:30:14 +02:00
Nanne Baars
9833637abf Fixed exception while logging in with unknown user 2017-03-23 21:46:21 +01:00
Nanne Baars
53d30e2274 Fixed saving lesson tracker with reloadable classloader 2017-03-22 15:51:57 +01:00
Nanne Baars
259fd19c1b - Introduced user registration 
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
 2017-03-22 11:35:14 +01:00
Nanne Baars
f71d02fc6a Merge branch 'develop' into develop 2017-03-02 21:24:09 +01:00
Nanne Baars
2d6235e4f0 Provide Server-side service to support UI localization #265 
- Now also enabled for adoc
 2017-03-02 21:17:21 +01:00
Jason White
7f532f0ffc XSS lesson updates 2017-02-17 13:05:54 -05:00
mayhew64
85ef7ee1a4 Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop 2017-02-06 09:19:29 -05:00
Nanne Baars
ae82df3fb4 Fixed issue with loading messages in different language. As a standalone jar you can write properties back to messages.properties, this approach worked when you run with exploded classpath (target/classes etc). However failed when running inside Docker container. 2017-02-05 21:54:07 +01:00
Nanne Baars
d25700434e Added tests for assignments 2017-01-31 23:28:59 +01:00
Nanne Baars
ee5a12d205 Provide Server-side service to support UI localization #265 (#322) 
merging
 2017-01-31 11:52:33 -05:00
mayhew64
fbd37b39bd Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop 2017-01-28 11:05:16 -05:00
mayhew64
30bdc89164 Adding Vulnerable Components Category 2017-01-28 11:01:05 -05:00
Jason White
a0451eeb3a Adding 'sorted' to lambda/stream 2017-01-27 15:41:46 -05:00
Jason White
ac16342c17 #315 Adding UI handling and corresponding expected elements for html files for decoration. Inlucdes minor refactor 2017-01-25 17:46:31 +01:00
Nanne Baars
0779f7a3d0 Hints per lesson (#314) 
Squashing and merging ...

* Each assigment should have the options to have its own set of hints #278

* Updating lessons due to changes from #278

* Enable i18n client side #312

* IDOR move hints to assignment and enable i18n #312
 2017-01-24 09:34:06 -05:00
Nanne Baars
ee0d34e2ea Merge pull request #310 from misfir3/develop 
turning off HttpOnly
 2017-01-15 18:44:52 +01:00
Nanne Baars
badbabd439 Fixing can't login to webgoat #307 2017-01-15 16:28:19 +01:00
Jason White
b970fe37fa turning off HttpOnly 2017-01-12 17:25:51 -05:00