45d7b763d4 
					 
					
						
						
							
							Remove an unnecessary printStackTrace()  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@269  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 20:21:10 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cbb5358485 
					 
					
						
						
							
							Changes for OWASP Developer build for 5.1  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@268  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 17:44:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b7156e12da 
					 
					
						
						
							
							Added hint about extra "." in  http://localhost./  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@267  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 17:39:07 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						36ca8e5598 
					 
					
						
						
							
							Challenge jsp is supposed to be a clone of the webgoat.jsp  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@266  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 13:48:42 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ef79edca0a 
					 
					
						
						
							
							Changes for OWASP Standard build for 5.1  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@265  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 13:43:46 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aa62ffbb71 
					 
					
						
						
							
							No longer delivering standalone war  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@264  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 13:36:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6834cac8fa 
					 
					
						
						
							
							Commented out console debugging output  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@263  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 12:57:39 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8e83229be8 
					 
					
						
						
							
							Show solution button graphics  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@262  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 12:52:37 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						97a1291648 
					 
					
						
						
							
							Java mail APIs for unchecked email lesson  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@261  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 12:50:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d8f7ce2a4f 
					 
					
						
						
							
							Add a link to the WSDL file in the 3rd stage of SOAPRequest  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@260  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:52:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1b6789304c 
					 
					
						
						
							
							Fix a hint to refer to the right field  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@259  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:51:43 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8d85b2da23 
					 
					
						
						
							
							Change UpdateProfile to always use a PreparedStatement, to avoid SQL Injection attacks  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@258  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:49:12 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f78d70a8e7 
					 
					
						
						
							
							Only mark Stage 1 complete when someone else views the exploit  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@257  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:48:30 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd6a893f28 
					 
					
						
						
							
							minor changes  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@256  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:48:01 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						489bff08f8 
					 
					
						
						
							
							cleaning up a bit  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@255  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:47:33 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						457a868113 
					 
					
						
						
							
							adding XHR lesson  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@254  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:46:57 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4066296d30 
					 
					
						
						
							
							changing name of lesson  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@253  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:46:18 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b3591580a9 
					 
					
						
						
							
							clarifying instructions and importing a .js  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@252  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:45:44 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dc3ad6453d 
					 
					
						
						
							
							adding backup files  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@251  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:45:23 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f27dae0773 
					 
					
						
						
							
							changing location of RegexMatch.dll  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@250  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:45:07 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8e1fb2caa3 
					 
					
						
						
							
							added console debugging line  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@249  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:44:56 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2bb4df8ef1 
					 
					
						
						
							
							added console debugging line  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@248  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:44:43 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ebfcd02a9f 
					 
					
						
						
							
							updating AJAX lesson plans  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@247  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:44:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a84d0e951d 
					 
					
						
						
							
							making ajax impovements  
						
						
						
						
						Also convert SQL server file from Unix to DOS line endings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@246  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:44:09 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a8c87e0704 
					 
					
						
						
							
							Move the SQL Server instructions into a single file  
						
						
						
						
						Previously, the solution to this lesson involved a complex
set of operations (loading assemblies, creating functions, etc.).
Now that all of that is done during the setup phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@245  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:14:46 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1621a39e35 
					 
					
						
						
							
							Provide an example of how to override the default setting using environment variables  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@244  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:14:30 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						12554493cd 
					 
					
						
						
							
							Change the default Oracle password back to webgoat (no _)  
						
						
						
						
						No good reason to change it actually.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@243  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:14:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						71330946f4 
					 
					
						
						
							
							Make it possible to override WebGoat context settings via environment variables  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@242  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:14:17 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c31ef90a3d 
					 
					
						
						
							
							Allow overriding of the WebGoat context setting via environment variables  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@241  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:14:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						36b32849df 
					 
					
						
						
							
							Add support for MS SQL Server in the DB Labs  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@240  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:13:52 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						900a222316 
					 
					
						
						
							
							Change the default webgoat password  
						
						
						
						
						Add an underscore to the password to allow us to keep the same
password across multiple platforms, including those that enforce
password quality (e.g. SQL Server)
git-svn-id: http://webgoat.googlecode.com/svn/trunk@239  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:13:21 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cb2a3784b6 
					 
					
						
						
							
							Change DBSQLInjection lesson to count the matched rows  
						
						
						
						
						This is an improvement over expecting the stored proc
to throw an exception, and is more portable
git-svn-id: http://webgoat.googlecode.com/svn/trunk@238  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:13:13 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0149a699a3 
					 
					
						
						
							
							minor bug fixes.  
						
						
						
						
						Minor updates to concurrency cart
git-svn-id: http://webgoat.googlecode.com/svn/trunk@237  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:12:44 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1ce614f733 
					 
					
						
						
							
							Merge with major changes made by Aspect  
						
						
						
						
						Several new lessons added
git-svn-id: http://webgoat.googlecode.com/svn/trunk@236  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:12:31 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						137b7c813c 
					 
					
						
						
							
							several minor bug fixes.  
						
						
						
						
						UpdateProfile uses prepared statements.
ReflectedXSS "code" input field vulnerable to XSS.
Minor updates to concurrency cart
git-svn-id: http://webgoat.googlecode.com/svn/trunk@235  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:11:50 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6c9c53b938 
					 
					
						
						
							
							Remove some unused imports  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@234  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:11:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c3cee22113 
					 
					
						
						
							
							Fix database connetion handling.  
						
						
						
						
						Oracle requires us to close our connections after each
request (or else implement a connection pool), otherwise
we will end up running out of available connections.
While the mechanism for doing this was added in a previous
change, actually using it correctly was omitted somehow.
Fix that now.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@233  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:11:12 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aab0125c50 
					 
					
						
						
							
							Synchronize access to the DatabaseUtilities core methods  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@232  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:10:39 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						531991f26d 
					 
					
						
						
							
							Replace the "Stage n" text in the instructions  
						
						
						
						
						Since we now use a link in the menu to choose a stage, rather than the
drop down, we need the Stage number to be visible
git-svn-id: http://webgoat.googlecode.com/svn/trunk@231  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:10:29 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8b21a7785e 
					 
					
						
						
							
							Update the DB lessons  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@230  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:10:10 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d9cf56268e 
					 
					
						
						
							
							Fix line endings  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@229  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						427832411c 
					 
					
						
						
							
							Fix line endings  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@228  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:41 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5457faf9a3 
					 
					
						
						
							
							Add Rogan Dawes to the challenge screen as a contributor  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@227  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:33 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						647c0c4a34 
					 
					
						
						
							
							Allow accessing Web Services when WebGoat is on a non-standard port  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@226  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						64ce7068c4 
					 
					
						
						
							
							Move the Thread Safety lesson into the Concurrency category  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@225  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:13 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						92072f3921 
					 
					
						
						
							
							Update the Challenge Stage 2 to be more realistic  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@224  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:09:00 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						af8e61eb9f 
					 
					
						
						
							
							Change the line endings on the instructions  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@223  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:08:48 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2fd09c3084 
					 
					
						
						
							
							Add a new Concurrency lesson  
						
						
						
						
						Created by Ryan Knell @Aspect Security
git-svn-id: http://webgoat.googlecode.com/svn/trunk@222  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-10 10:08:45 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3b128c8ebb 
					 
					
						
						
							
							Removed space from path information  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@221  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-09 19:50:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						84ca966ce5 
					 
					
						
						
							
							Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with a OnClick function, corrected authorship in several files  
						
						
						
						
						git-svn-id: http://webgoat.googlecode.com/svn/trunk@220  4033779f-a91e-0410-96ef-6bf7bf53c507 
						
						
					 
					
						2008-01-09 13:28:07 +00:00