9509993a8f 
					 
					
						
						
							
							all tests complete for Password Reset (#785)
						
						
						
						
							
						
					 
					
						2020-04-17 15:54:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						25e66ae412 
					 
					
						
						
							
							use of script console instead of browser address bar
						
						
						
						
							
						
					 
					
						2020-04-17 15:33:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						089952e9ad 
					 
					
						
						
							
							quiz fix for CIA, SQL Injection Advanced and XSS + XSS description  
						
						
						
						
						change in alert(document.cookie) 
						
						
							
						
					 
					
						2020-04-17 15:33:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						efc5a870a0 
					 
					
						
						
							
							Path traversal windows unittest fix (#780)
						
						
						
						
						* fixes to support windows and linux/unix/mac
* fix in matcher 
						
						
							
						
					 
					
						2020-04-14 16:13:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0638cae6e5 
					 
					
						
						
							
							corrected hints and improved error handling base64 (#781)
						
						
						
						
							
						
					 
					
						2020-04-14 16:13:25 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8abc99faf 
					 
					
						
						
							
							fix for scoreboard after js refactoring  
						
						
						
						
							
						
					 
					
						2020-04-08 12:05:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e921fb66a9 
					 
					
						
						
							
							actual working version of vulnerable components part 5  
						
						
						
						
							
						
					 
					
						2020-04-08 12:05:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e25f7a7560 
					 
					
						
						
							
							clean up and update js  
						
						
						
						
							
						
					 
					
						2020-04-08 12:05:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c4ae9ae2ab 
					 
					
						
						
							
							migrate to JUnit 5 code  
						
						
						
						
							
						
					 
					
						2020-04-06 16:02:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c4153ecbfb 
					 
					
						
						
							
							Maven owasp dep update (#776)
						
						
						
						
						* add pmd and owasp dependency check through -P owasp profile
* suppress full stack trace in log
* revert to spring 2.2.0 as 2.2.4 failed in travis
* added owasp dependency check maven configuration details to vulnerable lesson page 7
						
						
							
						
					 
					
						2020-04-06 16:01:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb6d06713f 
					 
					
						
						
							
							Fix failing test  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						14022d88c9 
					 
					
						
						
							
							Last assignment now filters out .. and / so encoding plays a role now  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d4966b5e71 
					 
					
						
						
							
							Fix test cases  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b3840e60e3 
					 
					
						
						
							
							Fix lessons  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ece45b3d4 
					 
					
						
						
							
							Fix for not passing the content-type  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6b7678fb1d 
					 
					
						
						
							
							Remove old files  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6c25cf8e43 
					 
					
						
						
							
							Add path traversal lesson  
						
						
						
						
							
						
					 
					
						2020-03-10 08:03:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c4c28f544f 
					 
					
						
						
							
							Fixed CSRF broken links.  
						
						
						
						
							
						
					 
					
						2020-03-06 17:15:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3b050a856a 
					 
					
						
						
							
							tested solution with unit test and verified with lesson 5 on ie
						
						
						
						
							
						
					 
					
						2020-02-28 23:11:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						71d9c4b61a 
					 
					
						
						
							
							first steps  
						
						
						
						
							
						
					 
					
						2020-02-28 23:11:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a8118a14cd 
					 
					
						
						
							
							add support for status 403 feedback from e.g. ModSecurity/CRS  
						
						
						
						
							
						
					 
					
						2020-02-28 23:06:42 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5f3dff4921 
					 
					
						
						
							
							added notes on salted hash (#758)
						
						
						
						
							
						
					 
					
						2020-02-27 07:20:58 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						208aa42fdb 
					 
					
						
						
							
							relax detection regex (#757)
						
						
						
						
						Allow for content before and after the script; Allow optional semicolon 
						
						
							
						
					 
					
						2020-02-20 20:00:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cd3fb8040f 
					 
					
						
						
							
							Typo and grammar corrections for the crypto lessons (#756)
						
						
						
						
						* Correct typos and grammar errors.
* Revert one grammar change 
						
						
							
						
					 
					
						2020-02-09 08:00:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9d5fa6f4ef 
					 
					
						
						
							
							Correct typos and clarify language in signing.adoc (#754)
						
						
						
						
						Some of the changes correct simple misspellings. Some are intended to clarify or simplify the language. 
						
						
							
						
					 
					
						2020-01-30 14:01:42 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6797033a09 
					 
					
						
						
							
							restored pom removal (#753)
						
						
						
						
							
						
					 
					
						2020-01-25 18:18:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9eee726eb5 
					 
					
						
						
							
							All in one docker (#749)
						
						
						
						
						* all-in-one Dockerfile preparations
* some cleanup
* add to main pom and add links in index.html
* updated deploy script from build pipeline
* additional line feed just in case 
						
						
							
						
					 
					
						2020-01-25 17:54:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4e371b63d0 
					 
					
						
						
							
							suppressing some useless log messages and banners in unit tests (#752)
						
						
						
						
						* suppressing some useless log messages and banners in unit tests
* some more log suppressed 
						
						
							
						
					 
					
						2020-01-25 12:11:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						edd6b7d7cf 
					 
					
						
						
							
							Reset lesson bug (#741)
						
						
						
						
						* Remove old code from UI
* Remove old code
* Remove old functions
* Remove unnecessary divs
* Remove logging to console
* Clear lesson messages (checkmark, output text etc) when lesson resets 
						
						
							
						
					 
					
						2020-01-05 20:22:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5de82c0a06 
					 
					
						
						
							
							Fix link to XStream blog which no longer exists (#740)
						
						
						
						
							
						
					 
					
						2020-01-05 19:48:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						71f2d2968f 
					 
					
						
						
							
							Fix NPE when request does not contain parameter (#739)
						
						
						
						
							
						
					 
					
						2020-01-05 15:14:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0d7daf60d9 
					 
					
						
						
							
							Fix broken e-mail link (#738)
						
						
						
						
							
						
					 
					
						2020-01-05 15:05:51 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb80e11665 
					 
					
						
						
							
							dockerfile and compose changes (#737)
						
						
						
						
						* dockerfile and compose changes
* adjusted link 
						
						
							
						
					 
					
						2019-12-27 20:32:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8088465652 
					 
					
						
						
							
							Move and remove unnecessary pom dependencies (#736)
						
						
						
						
							
						
					 
					
						2019-12-24 16:14:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						035c8662d4 
					 
					
						
						
							
							Revert "Bump xstream from 1.4.5 to 1.4.6 in /webgoat-lessons"  
						
						
						
						
						This reverts commit a831d949b2 
						
						
							
						
					 
					
						2019-12-23 17:14:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a831d949b2 
					 
					
						
						
							
							Bump xstream from 1.4.5 to 1.4.6 in /webgoat-lessons  
						
						
						
						
						Bumps xstream from 1.4.5 to 1.4.6.
Signed-off-by: dependabot[bot] <support@github.com>
						
						
							
						
					 
					
						2019-12-23 17:12:31 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4c45a1e68c 
					 
					
						
						
							
							This lesson is intended to show the dangers of outdated software. However in version 1.4.7 the vulnerability is fixed! In 1.4.5 it is still present, so I suggest this downgrade. It is tested and works as intended, just as 1.4.7 does not.  
						
						
						
						
							
						
					 
					
						2019-12-23 17:09:46 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f79ad452d2 
					 
					
						
						
							
							password reset support for using www.webwolf.local  
						
						
						
						
							
						
					 
					
						2019-12-23 17:08:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						59076fc9ef 
					 
					
						
						
							
							adjusted WebWolfMacro  
						
						
						
						
							
						
					 
					
						2019-12-23 17:08:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b6aa677594 
					 
					
						
						
							
							Zap 8 update for proxy lesson (#718)
						
						
						
						
						* additional steps in proxy setup added
* lessons checked
* added page on https proxy and burp proxy 
						
						
							
						
					 
					
						2019-12-10 12:14:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						681a20a7c3 
					 
					
						
						
							
							In the migration to Spring 2, this method lost its get mapping to the IDOR/profile url, breaking the javascript call to that address. (#720)
						
						
						
						
						thanks! 
						
						
							
						
					 
					
						2019-12-04 12:21:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c5ec2d40a1 
					 
					
						
						
							
							updates docker image name (#717)
						
						
						
						
							
						
					 
					
						2019-11-26 18:12:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b5e5dd1d13 
					 
					
						
						
							
							Crypto lesson (#712)
						
						
						
						
						* crypto lesson added
* signing assignment
* integration test added for signing assignment
* added more hints
* corrections after rebase
* added some explanation
* added security defaults assignment 
						
						
							
						
					 
					
						2019-11-23 21:52:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9c0b7f8233 
					 
					
						
						
							
							Fix version substitution so WebGoat home directory contains version number instead of @project.version@ in the name (#710)
						
						
						
						
							
						
					 
					
						2019-11-17 14:33:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5dd6b31905 
					 
					
						
						
							
							Adjust lesson template (#704)
						
						
						
						
						* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add 
						
						
							
						
					 
					
						2019-11-17 13:39:56 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f40b6ffd31 
					 
					
						
						
							
							Moving back to snapshot  
						
						
						
						
							
						
					 
					
						2019-11-13 12:27:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7313fc6c08 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M26' into develop  
						
						
						
						
							
						
					 
					
						2019-11-12 09:33:05 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c8ac054093 
					 
					
						
						
							
							Merge branch 'release/v8.0.0.M26'  
						
						
						
						
							
 
						
					 
					
						2019-11-12 09:32:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fe2ac1b8d4 
					 
					
						
						
							
							New release, updating pom.xml  
						
						
						
						
							
						
					 
					
						2019-11-12 09:22:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ba74898441 
					 
					
						
						
							
							Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint  
						
						
						
						
							
						
					 
					
						2019-11-12 09:12:37 +01:00