4e9b30d7f6 
					 
					
						
						
							
							#304  incremental addition for IDOR, still experiencing 400 with PUT method  
						
						
						
						
					 
					
						2017-01-09 14:02:00 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fe4f568fc0 
					 
					
						
						
							
							#304  update to IDOR. Still experiencing 400 on EditOwnProfile endpoint  
						
						
						
						
					 
					
						2017-01-06 13:04:03 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0a41b2813d 
					 
					
						
						
							
							#304  ... trying to fix prev. commit  
						
						
						
						
					 
					
						2017-01-06 08:06:49 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						65eaa934ea 
					 
					
						
						
							
							Initial/partial commit of IDOR lesson  
						
						
						
						
					 
					
						2017-01-05 17:30:53 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9c03b6f63b 
					 
					
						
						
							
							#276  Automatic lesson summary page  
						
						... 
						
						
						
						- Basic overview of all the assignments needed to be solved in a lesson
 - Clicking on a link will jump to the correct page with the assignment
 - Lesson completed also updates lesson overview immediately 
						
						
					 
					
						2016-12-28 10:14:34 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						282073ed2d 
					 
					
						
						
							
							Adding ZAP content for HTTP Basics  
						
						
						
						
					 
					
						2016-12-22 16:37:57 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6fa894938b 
					 
					
						
						
							
							Issue  #275 : Activate Syntax Highlighting with Coderay in Asciidoc templates  
						
						
						
						
					 
					
						2016-12-15 17:37:30 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8b632905d 
					 
					
						
						
							
							Fixing failing unit test  
						
						
						
						
					 
					
						2016-12-08 22:06:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1a854a500e 
					 
					
						
						
							
							Lesson overview  
						
						
						
						
					 
					
						2016-11-29 20:27:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e183c8d8b3 
					 
					
						
						
							
							implementing support for dom xss  
						
						
						
						
					 
					
						2016-11-23 17:25:47 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5347311319 
					 
					
						
						
							
							XXE last assignment completely working  
						
						
						
						
					 
					
						2016-11-23 17:09:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c80bfcbc2f 
					 
					
						
						
							
							First checkin for CSRF  
						
						... 
						
						
						
						(cherry picked from commit a01a767) 
						
						
					 
					
						2016-11-23 17:09:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4940a12d0d 
					 
					
						
						
							
							button size fix  
						
						
						
						
					 
					
						2016-11-22 16:25:19 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						32d1009390 
					 
					
						
						
							
							Reflected xss working - still have to think how to get the success criteria.  Page needs some work though  
						
						
						
						
					 
					
						2016-11-21 23:09:58 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						edaadecc38 
					 
					
						
						
							
							Merge pull request  #286  from WebGoat/feature/spring-boot  
						
						... 
						
						
						
						First draft at XSS 
						
						
					 
					
						2016-11-21 18:37:53 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2647722842 
					 
					
						
						
							
							fixing typo  
						
						
						
						
					 
					
						2016-11-21 13:50:21 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						95607089d4 
					 
					
						
						
							
							First draft at XSS  
						
						
						
						
					 
					
						2016-11-21 13:39:43 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f2a114419a 
					 
					
						
						
							
							XXE checkin  
						
						
						
						
					 
					
						2016-11-18 10:39:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						38e5999472 
					 
					
						
						
							
							XXE checkin  
						
						
						
						
					 
					
						2016-11-17 17:36:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f698a2d6ae 
					 
					
						
						
							
							XXE first attempt  
						
						
						
						
					 
					
						2016-11-17 16:27:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6d45bbc09c 
					 
					
						
						
							
							HTTP-Basics mark lesson complete issue fixed  
						
						
						
						
					 
					
						2016-11-17 15:00:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b5fd52e908 
					 
					
						
						
							
							refactor to help accomodate multiple attacks and output in one 'page'  
						
						
						
						
					 
					
						2016-11-17 08:06:06 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						507a4cfbdb 
					 
					
						
						
							
							few cleanup items, added least privilege  
						
						
						
						
					 
					
						2016-11-16 17:56:29 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f091e21c60 
					 
					
						
						
							
							Fixed test for password  
						
						
						
						
					 
					
						2016-11-16 16:18:22 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						29447a11b4 
					 
					
						
						
							
							First wave is complete; some rendering issues  
						
						
						
						
					 
					
						2016-11-16 13:41:51 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						24b2e79dc5 
					 
					
						
						
							
							Trying to wire up the DB connection and fill out first sql stub  
						
						
						
						
					 
					
						2016-11-15 22:40:24 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0285bf96a7 
					 
					
						
						
							
							another stub  
						
						
						
						
					 
					
						2016-11-15 19:39:23 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						67adddbffc 
					 
					
						
						
							
							Merge branch 'feature/spring-boot' of  https://github.com/WebGoat/WebGoat  into feature/spring-boot  
						
						
						
						
					 
					
						2016-11-15 19:38:26 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8b6ad92aea 
					 
					
						
						
							
							First round of sql injection with stubs  
						
						
						
						
					 
					
						2016-11-15 19:37:11 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6b9e9db4aa 
					 
					
						
						
							
							#272  Fix lesson client side filtering  
						
						... 
						
						
						
						- Endpoint now returns proper json and no longer uses ecs. 
						
						
					 
					
						2016-11-15 22:41:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						640e3ffb4e 
					 
					
						
						
							
							mvn clean should also clean lesson jar files added .webgoat directory as well  
						
						
						
						
					 
					
						2016-11-15 18:12:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						44f5c60e78 
					 
					
						
						
							
							#272  Fix lesson client side filtering  
						
						
						
						
					 
					
						2016-11-15 17:38:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						00f0ee8942 
					 
					
						
						
							
							Fixed imports  
						
						
						
						
					 
					
						2016-11-15 07:26:17 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dad7bdba92 
					 
					
						
						
							
							Merge branch 'feature/spring-boot' of  https://github.com/WebGoat/WebGoat  into feature/spring-boot  
						
						
						
						
					 
					
						2016-11-15 07:11:43 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						abcc6c4dcb 
					 
					
						
						
							
							SQL Injection - it's broken  
						
						
						
						
					 
					
						2016-11-15 07:11:24 -05:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5babe19f2b 
					 
					
						
						
							
							Fixed issue with lesson tracking  
						
						
						
						
					 
					
						2016-11-15 09:28:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0bec575913 
					 
					
						
						
							
							Moving forward cleaning up some unnecessary lesson super classes which we  
						
						... 
						
						
						
						do not need to support anymore in 8.0:
- Introduced DI thoughout the code base
- Removed most superclasses of a lesson
- Hammerhead is now simplified to only one line of code
- Cleaned up WebSession
- Removed code which dealt with user roles, lesson fetching, username etc
- LessonTracker improvements
- Removed almost all code from the Screen class
- Removed ECS from the container project
- Removed adminstration pages, contained a lot of ECS codes which is much
  simpler to just rewrite when necessary 
						
						
					 
					
						2016-11-06 21:09:47 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89a717bbd2 
					 
					
						
						
							
							Clean up and introduced Spring Dev tools to automatically reload classes.  
						
						
						
						
					 
					
						2016-10-30 15:13:32 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8992bdc0e 
					 
					
						
						
							
							Spring Boot reload automatically enabled  
						
						
						
						
					 
					
						2016-10-16 10:38:14 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c72e8df532 
					 
					
						
						
							
							Moved lessons to this project.  
						
						
						
						
					 
					
						2016-10-13 12:09:01 -04:00