Nanne Baars
43b82027f5
Added more content for CSRF lesson
2017-11-22 01:34:05 +01:00
Nanne Baars
5eed385d5d
When an adoc file cannot be found the complete lesson crashed, made it failsafe with a logging statement.
2017-11-17 07:08:24 +01:00
Nanne Baars
157b982394
successFunction and failureFunction were selected by using the main form (so the successFunction of the first assignment was used for the next assignment), not the currentForm we determined in the onFormSubmit() function.
2017-11-17 07:06:56 +01:00
Nanne Baars
6c91e7dc8a
Fixed WebWolf issues with sending e-mails
2017-11-15 11:58:31 +01:00
Nanne Baars
f91f77708a
New version
2017-11-02 21:44:30 +01:00
Nanne Baars
fc1353b2f1
Pom cleanup
2017-11-02 16:14:44 +01:00
Nanne Baars
1e9f92220d
Removed unnecessary JPA libraries
2017-11-02 15:44:45 +01:00
Nanne Baars
a11d3d0b1b
- Made movie a little bit shorter because webgoat-server.jar was over 200Mb
...
- Movie was copied and pasted to csrf and auth lesson; removed it from those lessons
- Made jars which are not necessary in the webgoat-server.jar optional
2017-11-02 15:39:49 +01:00
Nanne Baars
8729d9bfcf
Fixed minor issues for properties and starting WebGoat
2017-11-02 12:42:19 +01:00
Nanne Baars
1ecb43092d
Bumped version number
2017-10-18 19:58:14 +02:00
Nanne Baars
8250b4048f
Updating version number
2017-10-18 19:43:33 +02:00
Nanne Baars
3ee1a1ca16
Travis now builds Docker and creates a GitHub release.
...
Removed ActiveMQ between WebGoat and WebWolf; they now act as standalone applications
2017-10-18 10:54:16 +02:00
Jason White
d0ec84e9a6
Merge remote-tracking branch 'upstream/develop' into develop
2017-10-11 20:29:47 -06:00
Jason White
b156d81535
Initial cut on CSRF. More to come
2017-10-11 20:06:57 -06:00
Nanne Baars
5033c3661a
Cleaning up test case logging
2017-10-08 02:07:22 +02:00
Nanne Baars
6cb526aa43
Maven build generates too much output for Travis CI
2017-10-08 01:58:03 +02:00
Nanne Baars
8a982dedb5
Updated XXE lesson so it also uses WebWolf
2017-10-07 13:46:34 +02:00
Nanne Baars
46c536554c
- Added new challenges
...
- Added new web application called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
2017-09-12 23:12:10 +02:00
Jason White
b41751a55c
missing function level ac working again ... after VM implosion
2017-08-08 17:15:20 -06:00
Jason White
8df1d53471
interim missing function ac commit, traversing dev. env.
2017-08-08 09:28:09 -06:00
Jason White
06bf690a3a
Merge remote-tracking branch 'upstream/develop' into develop
2017-08-02 19:12:29 -04:00
Nanne Baars
49621c637f
Upgraded to latest in-memory MongoDB (due to download link no longer working)
2017-07-26 05:07:15 +02:00
Jason White
f1a104f0ab
merging missing function-level-ac lesson
2017-07-25 09:44:10 -04:00
Jason White
8186bd4766
css and xss updates
2017-07-24 18:05:57 -04:00
Jason White
c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
Jason White
ca4b0c06b5
lesson css file
2017-07-24 11:34:10 -04:00
Jason White
dce962bdeb
Updating Category ordering, closer to T10
2017-07-19 15:54:50 -04:00
Jason White
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
Jason White
fb65534355
Merging from 'injection-updates' into local develop branch
2017-07-03 15:22:02 -04:00
Jason White
2e4e4ea716
including restart lesson fix for lesson overview
2017-07-03 12:37:15 -04:00
Jason White
daaf361dd2
Lesson Overview updates
2017-07-03 12:14:01 -04:00
Jason White
89e2fc109c
Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
2017-06-27 10:24:38 -04:00
Jason White
dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00
Jason White
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
Nanne Baars
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
Nanne Baars
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00
Nanne Baars
e9ad20cb30
Make sure we clean all the files below the .webgoat dir
2017-06-15 19:08:19 +02:00
Nanne Baars
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
Nanne Baars
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
Nanne Baars
52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
...
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00
Nanne Baars
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
Nanne Baars
0ad1f0d147
Fixing Travis issues while building
2017-05-21 13:28:29 +02:00
Nanne Baars
2b2451dd9c
testing with Travis dirs
2017-05-21 13:10:52 +02:00
Nanne Baars
50795d9ded
testing with Travis dirs
2017-05-21 13:06:00 +02:00
Nanne Baars
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
Jason White
feead6b740
initial cut on XSS, need to add some tests still
2017-05-18 14:41:14 -04:00
Nanne Baars
8d3c251d04
Merge branch 'challenge' into develop
...
Conflicts:
webgoat-container/src/main/resources/static/css/main.css
2017-05-04 03:02:00 +02:00
Jason White
08e7916b39
polling updates, including banner for appseceu
2017-05-10 16:15:38 +01:00
Nanne Baars
cae937c83e
Updated menu item for challenges
2017-05-03 11:51:24 +02:00
Jason White
c7c664ad4a
polling for scoreboard added (appseceu)
2017-05-10 15:28:07 +01:00