54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
089952e9ad
quiz fix for CIA, SQL Injection Advanced and XSS + XSS description
...
change in alert(document.cookie)
2020-04-17 15:33:26 +02:00
b8abc99faf
fix for scoreboard after js refactoring
2020-04-08 12:05:01 +02:00
e921fb66a9
actual working version of vulnerable components part 5
2020-04-08 12:05:01 +02:00
e25f7a7560
clean up and update js
2020-04-08 12:05:01 +02:00
3ece45b3d4
Fix for not passing the content-type
2020-03-10 08:03:48 +01:00
6b7678fb1d
Remove old files
2020-03-10 08:03:48 +01:00
6c25cf8e43
Add path traversal lesson
2020-03-10 08:03:48 +01:00
a8118a14cd
add support for status 403 feedback from e.g. ModSecurity/CRS
2020-02-28 23:06:42 +01:00
edd6b7d7cf
Reset lesson bug ( #741 )
...
* Remove old code from UI
* Remove old code
* Remove old functions
* Remove unnecessary divs
* Remove logging to console
* Clear lesson messages (checkmark, output text etc) when lesson resets
2020-01-05 20:22:50 +01:00
0d7daf60d9
Fix broken e-mail link ( #738 )
2020-01-05 15:05:51 +01:00
b5e5dd1d13
Crypto lesson ( #712 )
...
* crypto lesson added
* signing assignment
* integration test added for signing assignment
* added more hints
* corrections after rebase
* added some explanation
* added security defaults assignment
2019-11-23 21:52:14 +01:00
9c0b7f8233
Fix version substitution so WebGoat home directory contains version number instead of @project.version@
in the name ( #710 )
2019-11-17 14:33:24 +01:00
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
f7b794bf68
Race condition in counting number of attempts #567 ( #697 )
...
Add version to Hibernate mapping so we get optimistic locking; this solves
a number of parallel calls trying to update/guess and mess with the lesson
counter
2019-11-03 18:14:15 +01:00
9b87fd602c
Explicitly set session persistence to false (result in non serializable exception)
2019-10-30 08:28:14 +01:00
25dae3a4a8
Fix merge request
2019-10-30 08:28:14 +01:00
2a6b3d189e
Disable csrf through property no longer works and we already have it in WebSecurityConfig. Thymeleaf templates caching is set on the resolvers themselves
2019-10-30 08:28:14 +01:00
e0ac4a1083
lessons in correct order and scoreboard visible again ( #680 )
2019-10-10 09:45:43 +02:00
35c1305ce9
Merge conflicts resolved
2019-09-23 07:34:27 +02:00
4777dab57a
review comments processed
2019-09-18 17:46:32 +02:00
ec236a4ff5
First steps in XXE integration tests
2019-09-18 14:48:34 +02:00
361249c666
First attempt at moving to Spring Boot 2
2019-09-12 17:22:03 +02:00
ff530e926e
Use separate project for integration tests so we can start WebGoat and WebWolf
2019-08-25 17:43:14 +02:00
ae674b9297
Merge pull request #620 from zubcevic/july2019-bugfixes
...
increased sql form fields and fixed chrome progress
2019-07-25 08:39:34 +02:00
216b29fca2
Clean up in pom files
2019-07-24 20:37:32 +02:00
f9e78739f3
reverted mandatory file encoding which will make it worse on windows
2019-07-20 09:13:21 +02:00
656fa40182
style sheet and advanced sql
2019-07-19 16:49:30 +02:00
12de48ebbb
additional environment entries to support https on webgoat
2019-07-14 12:18:07 +02:00
27a61f0f70
Reworked and styled quiz
2019-03-26 08:43:38 +01:00
0915bf3d7f
Changed checkboxes to radio buttons, since it is single choice.
...
Moved css to separate css file.
Made questions clickable not just the checkbox.
Reworked java code.
Work in Progress...
2019-03-26 08:43:38 +01:00
8b61811278
Added doc to quiz js
2019-03-26 08:43:38 +01:00
4cdd649a5a
Added html mode for code editor
2019-03-26 08:43:38 +01:00
3a7601d348
Moved js files to global directory, added id system to question json
2019-03-26 08:43:38 +01:00
a41ff0083c
Merge pull request #479 from misfir3/develop
...
Recent updates, including Missing Function AC content & patch for Vuln Components Lesson
2018-06-13 18:44:09 -06:00
bae3e75ae2
Fix minor issues in hint view
2018-06-12 11:02:16 +02:00
89f6a73275
Fix next page button when url doesn't end with page number
2018-06-07 19:07:58 +02:00
1734170e9e
updates to missing function ac lesson
2018-06-04 16:53:13 -06:00
ecb7688e08
Update to new version for develop
...
Move WebWolf to port 9090 easier since most of the time something is running on 8081
Add scripts for easy building Docker files etc
2018-05-30 13:17:05 +02:00
f8a7a61e85
New lesson working
2018-05-26 15:09:18 +02:00
dda6f674a3
Last assignment for JWT tokens finished
2018-05-23 14:28:19 +02:00
ea9c1a453d
Initial version for JWT
2018-05-23 14:28:19 +02:00
a73bf58d36
more hintview patching
2018-05-23 13:35:51 +02:00
0ff6000511
wiring jqueryui to vuln jquery #368
2018-05-23 13:35:51 +02:00
91d9db5f80
work-arounds, fixes for page initialization and some clean-up
2018-05-23 13:35:51 +02:00
6a5ca43e7e
Strip out slash-escaped JSON sequence received in client.
...
The server will slash-escape some JSON related characters before sending. Need to strip them out before using, on the client side.
2018-05-02 22:21:22 +02:00
9aa674e326
stringify object so it's visible in the console
2018-05-02 22:04:25 +02:00
6b4a488c8c
Users shared now between WebGoat and WebWolf by starting HSQLDB
...
as standalone database
2018-05-01 22:00:07 +02:00
11ffa5702c
Added "WebWolf" enabled to the lessons which support the usage of WebWolf
2018-04-29 15:02:19 +02:00