c6e86861fe
Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information.
2017-12-29 22:12:21 +01:00
dd7f4074cd
Added encoding for asciidoc
2017-12-28 00:16:16 +01:00
43b82027f5
Added more content for CSRF lesson
2017-11-22 01:34:05 +01:00
5eed385d5d
When an adoc file cannot be found the complete lesson crashed, made it failsafe with a logging statement.
2017-11-17 07:08:24 +01:00
157b982394
successFunction and failureFunction were selected by using the main form (so the succesFunction of the first assignment was used for the next assignment) not the currentForm we determined in onFormSubmit() function.
2017-11-17 07:06:56 +01:00
6c91e7dc8a
Fixed WebWolf issues with sending e-mails
2017-11-15 11:58:31 +01:00
f91f77708a
New version
2017-11-02 21:44:30 +01:00
fc1353b2f1
Pom cleanup
2017-11-02 16:14:44 +01:00
1e9f92220d
Removed unnecessary JPA libraries
2017-11-02 15:44:45 +01:00
a11d3d0b1b
- Made movie little bit shorter because webgoat-server.jar was over 200Mb
...
- Movie was copy and pasted to csrf and auth lesson removed it from those lessons
- Made jars which are not necessary in the webgoat-server.jar optional
2017-11-02 15:39:49 +01:00
8729d9bfcf
Fixed minor issues for properties and starting WebGoat
2017-11-02 12:42:19 +01:00
1ecb43092d
Bumped version number
2017-10-18 19:58:14 +02:00
8250b4048f
Updating version number
2017-10-18 19:43:33 +02:00
3ee1a1ca16
Travis now builds Docker and create a Github release.
...
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
2017-10-18 10:54:16 +02:00
d0ec84e9a6
Merge remote-tracking branch 'upstream/develop' into develop
2017-10-11 20:29:47 -06:00
b156d81535
Initial cut on CSRF. More to come
2017-10-11 20:06:57 -06:00
5033c3661a
Cleaning up test case logging
2017-10-08 02:07:22 +02:00
6cb526aa43
Maven build generates too much output for Travis CI
2017-10-08 01:58:03 +02:00
8a982dedb5
Updated XXE lesson so it also uses WebWolf
2017-10-07 13:46:34 +02:00
46c536554c
- Added new challenges
...
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
2017-09-12 23:12:10 +02:00
b41751a55c
missing function level ac working again ... after VM implosion
2017-08-08 17:15:20 -06:00
8df1d53471
interim missing function ac commit, traversing dev. env.
2017-08-08 09:28:09 -06:00
06bf690a3a
Merge remote-tracking branch 'upstream/develop' into develop
2017-08-02 19:12:29 -04:00
49621c637f
Upgraded to latest in memory MongoDB (due to download link no longer working)
2017-07-26 05:07:15 +02:00
f1a104f0ab
merging missing function-level-ac lesson
2017-07-25 09:44:10 -04:00
8186bd4766
css and xss updates
2017-07-24 18:05:57 -04:00
c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
ca4b0c06b5
lesson css file
2017-07-24 11:34:10 -04:00
dce962bdeb
Updating Category ordering, closer to T10
2017-07-19 15:54:50 -04:00
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
fb65534355
Merging from 'injection-updates' into local develop branch
2017-07-03 15:22:02 -04:00
2e4e4ea716
including restart lesson fix for lesson overview
2017-07-03 12:37:15 -04:00
daaf361dd2
Lesson Overview updates
2017-07-03 12:14:01 -04:00
89e2fc109c
Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
2017-06-27 10:24:38 -04:00
dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00
e9ad20cb30
Make sure we clean all the files below the .webgoat dir
2017-06-15 19:08:19 +02:00
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
...
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
0ad1f0d147
Fixing Travis issues while building
2017-05-21 13:28:29 +02:00
2b2451dd9c
testing with Travis dirs
2017-05-21 13:10:52 +02:00
50795d9ded
testing with Travis dirs
2017-05-21 13:06:00 +02:00
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
feead6b740
initial cut on XSS, need to add some tests still
2017-05-18 14:41:14 -04:00
8d3c251d04
Merge branch 'challenge' into develop
...
Conflicts:
webgoat-container/src/main/resources/static/css/main.css
2017-05-04 03:02:00 +02:00
08e7916b39
polling updates, including banner for appseceu
2017-05-10 16:15:38 +01:00
