b41751a55c 
					 
					
						
						
							
							missing function level ac working again ... after VM implosion  
						
						
						
						
					 
					
						2017-08-08 17:15:20 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8df1d53471 
					 
					
						
						
							
							interim missing function ac commit, traversing dev. env.  
						
						
						
						
					 
					
						2017-08-08 09:28:09 -06:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						06bf690a3a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-08-02 19:12:29 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10e5edbc36 
					 
					
						
						
							
							temp. removal of offending UT  
						
						
						
						
					 
					
						2017-08-02 19:06:55 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						49621c637f 
					 
					
						
						
							
							Upgraded to latest in memory MongoDB (due to download link no longer working)  
						
						
						
						
					 
					
						2017-07-26 05:07:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0b92a57f77 
					 
					
						
						
							
							WebGoat no longer runs as root in the Docker container.  
						
						
						
						
					 
					
						2017-07-26 05:06:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b06fb72a74 
					 
					
						
						
							
							Fixed typo  
						
						
						
						
					 
					
						2017-07-25 17:41:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1a104f0ab 
					 
					
						
						
							
							merging missing function-level-ac lesson  
						
						
						
						
					 
					
						2017-07-25 09:44:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8186bd4766 
					 
					
						
						
							
							css and xss updates  
						
						
						
						
					 
					
						2017-07-24 18:05:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c44186f986 
					 
					
						
						
							
							start of missing function ac lesson  
						
						
						
						
					 
					
						2017-07-24 16:26:23 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ca4b0c06b5 
					 
					
						
						
							
							lesson css file  
						
						
						
						
					 
					
						2017-07-24 11:34:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c87f75ed18 
					 
					
						
						
							
							Merge pull request  #375  from misfir3/develop  
						
						... 
						
						
						
						Minor Updates to Categories and IDOR hints 
						
						
					 
					
						2017-07-19 16:45:38 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fc05a68ef7 
					 
					
						
						
							
							update to IDOR hints  
						
						
						
						
					 
					
						2017-07-19 16:00:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dce962bdeb 
					 
					
						
						
							
							Updating Category ordering, closer to T10  
						
						
						
						
					 
					
						2017-07-19 15:54:50 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a2499c56a 
					 
					
						
						
							
							Update to README.MD ( #372 )  
						
						... 
						
						
						
						Providing instructions on how to change listening IP address. 
						
						
					 
					
						2017-07-19 09:55:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9e1e4c1d2a 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into auth-bypass  
						
						
						
						
					 
					
						2017-07-19 08:58:24 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b57cfd06b1 
					 
					
						
						
							
							Started testing. Having issues, but commiting stubs and making ticket to return  
						
						
						
						
					 
					
						2017-07-19 08:56:48 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89bfc3f12d 
					 
					
						
						
							
							fixing image  
						
						
						
						
					 
					
						2017-07-18 17:54:50 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b643728f8 
					 
					
						
						
							
							verify account assignment hints  
						
						
						
						
					 
					
						2017-07-18 17:48:57 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0cb4faf15f 
					 
					
						
						
							
							refactor to support cleaner scoping && success and failure callbacks  
						
						
						
						
					 
					
						2017-07-18 17:39:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ce7c271bb5 
					 
					
						
						
							
							initial cut on auth-bypass lesson  
						
						
						
						
					 
					
						2017-07-18 15:59:46 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cac1fb17e4 
					 
					
						
						
							
							minor update to getting started file  
						
						... 
						
						
						
						Updating Base Class section/description 
						
						
					 
					
						2017-07-12 16:59:13 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf06d645a1 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/develop' into develop  
						
						
						
						
					 
					
						2017-07-10 10:18:12 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10481cb63d 
					 
					
						
						
							
							lesson overview updates ( #369 )  
						
						... 
						
						
						
						* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:28 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82ef171a50 
					 
					
						
						
							
							XSS Lesson Modifications ( #367 )  
						
						... 
						
						
						
						* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:10 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fb65534355 
					 
					
						
						
							
							Merging  from 'injection-updates' into local develop branch  
						
						
						
						
					 
					
						2017-07-03 15:22:02 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2e4e4ea716 
					 
					
						
						
							
							including restart lesson fix for lesson overview  
						
						
						
						
					 
					
						2017-07-03 12:37:15 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						daaf361dd2 
					 
					
						
						
							
							Lesson Overview updates  
						
						
						
						
					 
					
						2017-07-03 12:14:01 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						921561cf32 
					 
					
						
						
							
							mitigation content update ... 2  
						
						
						
						
					 
					
						2017-06-27 11:33:39 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ebb851b361 
					 
					
						
						
							
							mitigation content update  
						
						
						
						
					 
					
						2017-06-27 11:28:16 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						296723508b 
					 
					
						
						
							
							IDOR hints updated  
						
						
						
						
					 
					
						2017-06-27 10:26:22 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89e2fc109c 
					 
					
						
						
							
							Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR  
						
						
						
						
					 
					
						2017-06-27 10:24:38 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd18e68660 
					 
					
						
						
							
							merge of upstream, conflict resolution  
						
						
						
						
					 
					
						2017-06-27 08:30:58 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3a9bb946ed 
					 
					
						
						
							
							update for XXE solutions  
						
						
						
						
					 
					
						2017-06-27 08:27:06 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ec5b8708e 
					 
					
						
						
							
							clean up of unneeded stuff in pom  
						
						
						
						
					 
					
						2017-06-23 14:46:40 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ccb4e3813b 
					 
					
						
						
							
							#353  - lesson template/guide  
						
						
						
						
					 
					
						2017-06-23 14:46:09 -04:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b304dbb552 
					 
					
						
						
							
							Changed to develop for coverage  
						
						
						
						
					 
					
						2017-06-20 09:44:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						edceba73fe 
					 
					
						
						
							
							- Added testcases for bypassing frontend validation.  
						
						... 
						
						
						
						- Improved layout of the lesson
- Fixed JavaScript issues with 'let' 
						
						
					 
					
						2017-06-16 01:16:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf210de013 
					 
					
						
						
							
							Added testcase for SQL lesson 6b  
						
						
						
						
					 
					
						2017-06-16 00:33:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e808abd504 
					 
					
						
						
							
							Added testcase for SQL lesson 6a  
						
						
						
						
					 
					
						2017-06-16 00:23:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f1fd214580 
					 
					
						
						
							
							Added more testcases for the SQL lesson 12  
						
						
						
						
					 
					
						2017-06-15 23:49:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7809057208 
					 
					
						
						
							
							Enabled the challenges again to make them visible for everybody who starts WebGoat  
						
						
						
						
					 
					
						2017-06-15 23:38:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						36ad73c800 
					 
					
						
						
							
							Added more mitigations for XXE  
						
						
						
						
					 
					
						2017-06-15 23:36:51 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e9ad20cb30 
					 
					
						
						
							
							Make sure we clean all the files below the .webgoat dir  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a484467419 
					 
					
						
						
							
							Adding extra lesson for order by clauses  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ee912f734b 
					 
					
						
						
							
							Added SQL injection from challenge to lesson and added content for a blind sql injection  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0740c4ba95 
					 
					
						
						
							
							Split large SQL lesson  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b048988d2f 
					 
					
						
						
							
							Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.  
						
						... 
						
						
						
						Moved the lessons concerning client side validation to client side category 
						
						
					 
					
						2017-06-13 03:22:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						09d8fef50e 
					 
					
						
						
							
							Merge branch 'develop' of github.com:WebGoat/WebGoat into develop  
						
						
						
						
					 
					
						2017-06-12 20:02:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						870fa000aa 
					 
					
						
						
							
							bypass front-end restrictions (javascript validation)  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00