dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,475 Commits 11 Branches 78 Tags
Commit Graph

48 Commits

Author SHA1 Message Date
Nanne Baars
59e04dee6e Fix typo 2021-03-15 17:48:13 +01:00
Nanne Baars
5a16ea514a Fix quiz 2021-03-15 17:48:13 +01:00
Nanne Baars
8d2d82764f Assignment 8 loads JWT key again 2021-03-15 17:48:13 +01:00
Nanne Baars
dedb2f9fef Open new tab when clicking on JWT link for WebWolf 2021-03-15 17:48:13 +01:00
Nanne Baars
8b89667d9d Fix quiz, first should be second 2021-03-15 17:48:13 +01:00
Nanne Baars
c798e4be32 Fix JWT integration tests 2021-03-15 17:48:13 +01:00
Nanne Baars
f2ab5c1968 Update JWT lesson 2021-03-15 17:48:13 +01:00
Nanne Baars
142631c7a0 WIP 2021-03-15 17:48:13 +01:00
Elie De Brauwer
966d7a7aed JWT_refresh.adoc: Fix spelling issues 2020-05-24 09:37:47 +02:00
Nanne Baars
4f649234a9 Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown 2020-04-19 15:42:50 +02:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
3b050a856a tested solution with unit test and verfied with lesson 5 on ie 2020-02-28 23:11:29 +01:00
René Zubcevic
71d9c4b61a first steps 2020-02-28 23:11:29 +01:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
ba74898441 Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint 2019-11-12 09:12:37 +01:00
Nanne Baars
1d477bd0e8 Rename endpoint in JavaScript as backend call uses different endpoint 2019-11-12 09:12:37 +01:00
Nanne Baars
ddf6ac9bdb Improve handling of missing parameters, now returns HTTP/401 (#698) 2019-11-03 18:27:03 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
Nanne Baars
dad9c75ee0 Fix tests after updating from develop, changes applied for migrating to Spring Boot 2 2019-09-23 17:35:04 +02:00
Nanne Baars
35c1305ce9 Merge conflicts resolved 2019-09-23 07:34:27 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
Rene Zubcevic
57e6a84cef fixed and improved first two jwt challenges 2019-09-17 18:33:05 +02:00
Nanne Baars
5e6f825e64 WIP 2019-09-13 16:42:13 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
Matthias Grundmann
81aac93dfe
Usage base64 encoded password as expected by JJWT 2018-06-13 17:58:52 +02:00
Matthias Grundmann
f383454440 Fix spelling in JWT lesson 2018-06-12 11:02:51 +02:00
Matthias Grundmann
a7b82985d4 Fix usage of JJWT API which expects base64 encoded strings as key 2018-06-12 11:01:23 +02:00
Nanne Baars
4e07e0ebfa Fix links to open new browser tab 2018-05-29 14:04:33 +02:00
Nanne Baars
6e95fdfe56 Adjusted documentation 2018-05-29 13:33:52 +02:00
Nanne Baars
e045bc692d Buying page also calculates the prices 
Product image added
 2018-05-29 12:47:27 +02:00
Nanne Baars
589872ad47 Fix for JWT assignment 1 log in now works again. 
Reset button only triggers reset when admin is set to true in the token
 2018-05-29 11:20:40 +02:00
Nanne Baars
8d7ecb19d7 Added testcases for all JWT endpoints 2018-05-23 14:28:19 +02:00
Nanne Baars
e0cf5b4a84 Removed under construction from JWT lesson 2018-05-23 14:28:19 +02:00
Nanne Baars
5b524d3a94 Added more unit tests 2018-05-23 14:28:19 +02:00
Nanne Baars
dda6f674a3 Last assignment for JWT tokens finished 2018-05-23 14:28:19 +02:00
Nanne Baars
e06d4642eb Fix error in testcase 2018-05-23 14:28:19 +02:00
Nanne Baars
4a8fdcf887 Fix content-type for login (gives error in console of browser) 2018-05-23 14:28:19 +02:00
Nanne Baars
fd96ba18f1 Added test cases for solving the lesson 2018-05-23 14:28:19 +02:00
Nanne Baars
60ef35e241 Working lesson 2018-05-23 14:28:19 +02:00
Nanne Baars
9d7886d572 More JWT work 2018-05-23 14:28:19 +02:00
Nanne Baars
7a0820bf89 WIP 2018-05-23 14:28:19 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
Jason White
ce7c271bb5 initial cut on auth-bypass lesson 2017-07-18 15:59:46 -04:00
Nanne Baars
98000d6002 Fixing links in several lessons 2017-03-23 09:41:01 +01:00
Nanne Baars
259fd19c1b - Introduced user registration 
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
 2017-03-22 11:35:14 +01:00