dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,791 Commits 11 Branches 78 Tags
Commit Graph

198 Commits

Author SHA1 Message Date
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Nanne Baars
75d0405da1 Fixed XXE lesson the posting of the comments did not show up directly only after page refresh 2017-11-17 07:07:43 +01:00
Nanne Baars
6c91e7dc8a Fixed WebWolf issues with sending e-mails 2017-11-15 11:58:31 +01:00
Nanne Baars
f91f77708a New version 2017-11-02 21:44:30 +01:00
Nanne Baars
100876ad6c Changed introduction 2017-11-02 20:44:21 +01:00
Nanne Baars
56fc0fce05 Added test for XXE 2017-11-02 20:41:30 +01:00
Nanne Baars
fc1353b2f1 Pom cleanup 2017-11-02 16:14:44 +01:00
Nanne Baars
a11d3d0b1b - Made movie little bit shorter because webgoat-server.jar was over 200Mb 
- Movie was copy and pasted to csrf and auth lesson removed it from those lessons
- Made jars which are not necessary in the webgoat-server.jar optional
 2017-11-02 15:39:49 +01:00
Nanne Baars
87a7521dcd Adding introduction to WebGoat as the web interface opens with WebWolf which is confusing because people thought you needed to download WebWolf and start it directly. Feedback received during workshops 2017-11-02 14:28:20 +01:00
Nanne Baars
8729d9bfcf Fixed minor issues for properties and starting WebGoat 2017-11-02 12:42:19 +01:00
Nanne Baars
1ecb43092d Bumped version number 2017-10-18 19:58:14 +02:00
Nanne Baars
8250b4048f Updating version number 2017-10-18 19:43:33 +02:00
Nanne Baars
3ee1a1ca16 Travis now builds Docker and create a Github release. 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
 2017-10-18 10:54:16 +02:00
Jason White
49c3008fe2 Typo fix for CSRF content 2017-10-13 10:33:38 -06:00
Jason White
9e66ee177d Image Cleanup for Http Proxies 2017-10-13 10:13:07 -06:00
Jason White
f9a43d0961 xss updates 2017-10-13 09:52:19 -06:00
Jason White
8d488c6ac6 More CSRF Updates 2017-10-13 09:28:41 -06:00
Jason White
b03a32f92c update to do CSRF-based comment forging 2017-10-12 18:17:48 -06:00
Jason White
d0ec84e9a6 Merge remote-tracking branch 'upstream/develop' into develop 2017-10-11 20:29:47 -06:00
Jason White
b156d81535 Initial cut on CSRF. More to come 2017-10-11 20:06:57 -06:00
Nanne Baars
5033c3661a Cleaning up test case logging 2017-10-08 02:07:22 +02:00
Nanne Baars
8a982dedb5 Updated XXE lesson so it also uses WebWolf 2017-10-07 13:46:34 +02:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Jason White
ec2ab55749 fixing test directory structure 2017-08-09 00:24:04 -06:00
Jason White
2463f534b5 Formatting and bumping file in test dir 2017-08-09 00:19:34 -06:00
Jason White
8f740ace73 additional tests, one fix 2017-08-08 23:56:43 -06:00
Jason White
476ab415a4 More tests for AC lesson 2017-08-08 18:47:49 -06:00
Jason White
b8d17a1cfd Basic endpoint tests added 2017-08-08 18:06:18 -06:00
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
06bf690a3a Merge remote-tracking branch 'upstream/develop' into develop 2017-08-02 19:12:29 -04:00
Jason White
10e5edbc36 temp. removal of offending UT 2017-08-02 19:06:55 -04:00
Nanne Baars
b06fb72a74 Fixed typo 2017-07-25 17:41:37 +02:00
Jason White
f1a104f0ab merging missing function-level-ac lesson 2017-07-25 09:44:10 -04:00
Jason White
8186bd4766 css and xss updates 2017-07-24 18:05:57 -04:00
Jason White
c44186f986 start of missing function ac lesson 2017-07-24 16:26:23 -04:00
Jason White
fc05a68ef7 update to IDOR hints 2017-07-19 16:00:10 -04:00
Jason White
9e1e4c1d2a Merge remote-tracking branch 'upstream/develop' into auth-bypass 2017-07-19 08:58:24 -04:00
Jason White
b57cfd06b1 Started testing. Having issues, but commiting stubs and making ticket to return 2017-07-19 08:56:48 -04:00
Jason White
89bfc3f12d fixing image 2017-07-18 17:54:50 -04:00
Jason White
9b643728f8 verify account assignment hints 2017-07-18 17:48:57 -04:00
Jason White
0cb4faf15f refactor to support cleaner scoping && success and failure callbacks 2017-07-18 17:39:58 -04:00
Jason White
ce7c271bb5 initial cut on auth-bypass lesson 2017-07-18 15:59:46 -04:00
misfir3
cac1fb17e4 minor update to getting started file 
Updating Base Class section/description
 2017-07-12 16:59:13 -04:00
misfir3
82ef171a50 XSS Lesson Modifications (#367) 
* initial cut on XSS, need to add some tests still

* initial unit tests for assignment endpoints

* updating header comment license thingy

* comment, clean up

* Stubs for security unit test

* Additional Unit Testing

* isEncoded and isNotEncoded Unit Tests added

* http-proxies updates

* update for XXE solutions

* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR

* IDOR hints updated

* mitigation content update

* mitigation content update ... 2

* Lesson Overview updates

* including restart lesson fix for lesson overview
 2017-07-10 08:33:10 -04:00
Jason White
921561cf32 mitigation content update ... 2 2017-06-27 11:33:39 -04:00
Jason White
ebb851b361 mitigation content update 2017-06-27 11:28:16 -04:00
Jason White
296723508b IDOR hints updated 2017-06-27 10:26:22 -04:00
Jason White
dd18e68660 merge of upstream, conflict resolution 2017-06-27 08:30:58 -04:00
Jason White
3a9bb946ed update for XXE solutions 2017-06-27 08:27:06 -04:00