3ee1a1ca16
Travis now builds Docker and create a Github release.
...
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
2017-10-18 10:54:16 +02:00
d0ec84e9a6
Merge remote-tracking branch 'upstream/develop' into develop
2017-10-11 20:29:47 -06:00
b156d81535
Initial cut on CSRF. More to come
2017-10-11 20:06:57 -06:00
46c536554c
- Added new challenges
...
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
2017-09-12 23:12:10 +02:00
b41751a55c
missing function level ac working again ... after VM implosion
2017-08-08 17:15:20 -06:00
8df1d53471
interim missing function ac commit, traversing dev. env.
2017-08-08 09:28:09 -06:00
c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
dce962bdeb
Updating Category ordering, closer to T10
2017-07-19 15:54:50 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
e9ad20cb30
Make sure we clean all the files below the .webgoat dir
2017-06-15 19:08:19 +02:00
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
cae937c83e
Updated menu item for challenges
2017-05-03 11:51:24 +02:00
194a327ad5
Fixed issue when restarting the lesson the menu was not updated (the marker stayed behind)
...
Also restarting the lesson was not persisted
2017-05-03 05:08:00 +02:00
454e8d4c14
Solving an assignment twice adds its again which breaks the UI because the endpoint for lessonoverview returns mulitple values for the same assignment.
2017-05-02 04:38:30 +02:00
b0f66f16fb
initial plumb of scoreboard
2017-05-02 22:24:31 -04:00
615ca5afe3
Posting a flag shows a response in the UI (correct or incorrect)
2017-05-02 03:25:31 +02:00
a134b25213
Scoreboard now returns the flags captured (title)
2017-05-02 02:45:35 +02:00
eb7a6bd2be
Creating endpoint for the scoreboard
2017-05-02 02:29:47 +02:00
2f72ac4add
Merge branch 'develop' into challenge
2017-04-16 08:54:34 +02:00
a63bf006d6
Language of the browser not english will crash WebGoat during loading of the asciidoc. This is due to the fact we always presume the lesson plan is available in the browser language. It now falls back to 'en' whenever the lesson cannot be found with the language obtained from the browser.
2017-04-16 07:52:30 +02:00
d66db56c86
Added test for LessonMenuService.
2017-04-16 07:28:35 +02:00
7054c44c40
Fixed sorting issue with lessons, in particular the challenges need to be ordered so the intro is displayed first
2017-04-16 05:57:40 +02:00
3ccfcac8ff
Challenge 4 done
2017-04-16 05:14:47 +02:00
213e73bf02
Making database for each user (no sharing between each other)
2017-04-15 18:11:55 +02:00
6f633a0f78
Added the ability to remove all *.progress files when starting the server (for development). This is sometimes necessary when the internal structure of the lessons change but we still use old progress files.
2017-04-15 14:01:11 +02:00
eb13ebc26f
Assignments were not grouped per lesson in the same package
2017-04-15 13:59:57 +02:00
ec338326ea
Separating challenges
2017-04-15 11:37:43 +02:00
ebf2f9d864
wip
2017-04-15 11:37:43 +02:00
fbf2d1b422
Added validation to detect duplicate users during registration
2017-04-08 08:30:14 +02:00
9833637abf
Fixed exception while logging in with unknown user
2017-03-23 21:46:21 +01:00
53d30e2274
Fixed saving lesson tracker with reloadable classloader
2017-03-22 15:51:57 +01:00
259fd19c1b
- Introduced user registration
...
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
2017-03-22 11:35:14 +01:00
f71d02fc6a
Merge branch 'develop' into develop
2017-03-02 21:24:09 +01:00
2d6235e4f0
Provide Server-side service to support UI localization #265
...
- Now also enabled for adoc
2017-03-02 21:17:21 +01:00
7f532f0ffc
XSS lesson updates
2017-02-17 13:05:54 -05:00
85ef7ee1a4
Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop
2017-02-06 09:19:29 -05:00
ae82df3fb4
Fixed issue with loading messages in different language. As a standalone jar you can write properties back to messages.properties, this approach worked when you run with exploded classpath (target/classes etc). However failed when running inside Docker container.
2017-02-05 21:54:07 +01:00
d25700434e
Added tests for assignments
2017-01-31 23:28:59 +01:00
ee5a12d205
Provide Server-side service to support UI localization #265 ( #322 )
...
merging
2017-01-31 11:52:33 -05:00
fbd37b39bd
Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop
2017-01-28 11:05:16 -05:00
30bdc89164
Adding Vulnerable Components Category
2017-01-28 11:01:05 -05:00
a0451eeb3a
Adding 'sorted' to lambda/stream
2017-01-27 15:41:46 -05:00
ac16342c17
#315 Adding UI handling and corresponding expected elements for html files for decoration. Inlucdes minor refactor
2017-01-25 17:46:31 +01:00
0779f7a3d0
Hints per lesson ( #314 )
...
Squashing and merging ...
* Each assigment should have the options to have its own set of hints #278
* Updating lessons due to changes from #278
* Enable i18n client side #312
* IDOR move hints to assignment and enable i18n #312
2017-01-24 09:34:06 -05:00
ee0d34e2ea
Merge pull request #310 from misfir3/develop
...
turning off HttpOnly
2017-01-15 18:44:52 +01:00
badbabd439
Fixing can't login to webgoat #307
2017-01-15 16:28:19 +01:00
b970fe37fa
turning off HttpOnly
2017-01-12 17:25:51 -05:00
