dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,456 Commits 11 Branches 78 Tags
Commit Graph

638 Commits

Author SHA1 Message Date
Nanne Baars
59e04dee6e Fix typo 2021-03-15 17:48:13 +01:00
Nanne Baars
5a16ea514a Fix quiz 2021-03-15 17:48:13 +01:00
Nanne Baars
8d2d82764f Assignment 8 loads JWT key again 2021-03-15 17:48:13 +01:00
Nanne Baars
dedb2f9fef Open new tab when clicking on JWT link for WebWolf 2021-03-15 17:48:13 +01:00
Nanne Baars
8b89667d9d Fix quiz, first should be second 2021-03-15 17:48:13 +01:00
Nanne Baars
d4da2d0efa Convert lesson into using DB instead of using regular expression to check the solution 2021-03-15 17:48:13 +01:00
Nanne Baars
c798e4be32 Fix JWT integration tests 2021-03-15 17:48:13 +01:00
Nanne Baars
f2ab5c1968 Update JWT lesson 2021-03-15 17:48:13 +01:00
Nanne Baars
142631c7a0 WIP 2021-03-15 17:48:13 +01:00
Maxim Masiutin
ad5ab4ca2e
Fixes #321 (#935) 
Copyright year was "20014", replaced to "2014"
Fixed the old github.io URL which no longer exist
See https://github.com/WebGoat/WebGoat/issues/321
 2021-02-18 19:06:11 +01:00
strollingHeifer
522f6b5fff
Fixed a typo (#936) 
Fixed a typo in the documentation and added a colon for better readability
 2021-02-18 19:04:00 +01:00
avivmu
215b3b4e78
Remove redundant escaping in regex (#929) 2021-02-11 15:13:38 +01:00
NatasG
00c4be63f0
Fix sql injection line comments issue. (#925) 2021-01-19 10:47:04 +01:00
Kelly Marchewa
2e581d6bdb
docs: update SQLi lesson text (#928) 
- corrected typos/grammar issues
  - restructured sentences for clarity
 2021-01-19 10:29:16 +01:00
avivmu
b20f6492a3
Simplify regex (#927) 2021-01-15 14:36:04 +01:00
avivmu
74b218b2a7
Use try with resources instead of try (#921) 
* Use try with resources instead of try

* Remove unused lesson

* Remove unused fields
 2021-01-13 18:21:04 +01:00
René Zubcevic
b219854f81
fix in case external site is down (#919) 2021-01-11 20:15:23 +01:00
avivmu
dea4a9d2a9
Small improvements (#918) 
* Typo fix

* No need to use thread-safe object

* Use String case in-sensitive equals
 2021-01-11 16:38:14 +01:00
René Zubcevic
60c7fdd0db activation button tested 2020-12-09 19:40:16 +01:00
René Zubcevic
bce4c775bf initial idea for explanation on static code analysis and experience of the fix 2020-12-09 19:40:16 +01:00
Gabriel M. Schuyler
b1495a8cd5
Fix typo (#909) 2020-12-03 14:23:23 +01:00
René Zubcevic
574039902d changed version to snapshot version and introduced revision parameter 
for it
 2020-11-27 12:15:19 +01:00
Eskil Andréen
74cca6d185
Add missing trailing double quote in sql query (#897) 2020-11-19 07:45:07 +01:00
Nanne Baars
488a8e934a #843: Add readonly field and update the layout of the assignment 2020-11-04 20:35:05 +01:00
Nanne Baars
753a2db958 #846: add extra test to verify whether the solution is solved for the original user as well 2020-11-04 20:35:05 +01:00
Nanne Baars
37e9359c9e #841: Clarify the lesson based on the comments 
- Output messages more clear
- Replace success to failure (otherwise lesson is marked complete immediately)
- Fix the layout of the lesson (remove whitespace update buttons)
 2020-11-04 20:35:05 +01:00
Nanne Baars
7b8523dcab #839: fix the SQL statement as this one does not express that the orderBy clause input is user input 2020-11-04 20:35:05 +01:00
Nanne Baars
dac011db78 fix failing test (order) 2020-10-21 08:05:53 +02:00
Nanne Baars
41879c4603 Blind XXE lesson blocks including the file in the comment directly 2020-10-20 22:09:49 +02:00
Nanne Baars
641d75e734 Link to the original lesson for the goal 2020-10-20 22:09:49 +02:00
Kelly Marchewa
e4ec90db8a chore: update CIA grammar and content 
- misc. grammatical edits
  - add a few more examples
 2020-10-15 08:39:28 +02:00
René Zubcevic
d5f78351a2
lesson pages updated based on comments for #834 and #836 (#864) 2020-08-23 15:36:01 +02:00
René Zubcevic
ef6993c636 improving lesson due to issue #845 2020-07-09 19:21:42 +02:00
René Zubcevic
db9e1c4c4f first step 2020-07-09 19:21:42 +02:00
René Zubcevic
317573c897
Small fixes june 2020 (#857) 
* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
 2020-07-08 19:26:09 +02:00
Roy Stultiens
ba8444dd85
Update 1proxysetupsteps.adoc (#854) 
thanks for the fix
 2020-07-04 08:00:32 +02:00
Mike Robinson
219aad0bbc
Correcting incorrect information (#835) 
Thanks for the improvement. Hope you liked the lesson.
 2020-06-19 17:00:43 +02:00
Elie De Brauwer
98d17433f1 HTML Tampering mitigation: Typo fixes 2020-05-25 09:09:26 +02:00
Elie De Brauwer
11a7814626 Dinis Cruz Blog 
This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724 however the Dinis Cruz Blog remains available through a blogspot.com URL which might be more interesting to reference than an web.archive.org link.
 2020-05-25 09:08:55 +02:00
Elie De Brauwer
5311db8564 XSS Quiz: Fix 404 
The original URL was malformed because it contained a closing ) which did not end up in the link. However the corrected link performs a redirect to the link provided in this patch.
 2020-05-25 09:08:09 +02:00
Elie De Brauwer
ae156a4a0f Function AC User: Spelling and grammar fixes. 2020-05-25 09:07:31 +02:00
Elie De Brauwer
9576c6b9da Function AC Lesson 1: Spelling and grammar fixes. 2020-05-25 09:07:31 +02:00
Elie De Brauwer
6c83457231 Function ac intro: Spelling and grammar update 2020-05-25 09:07:31 +02:00
Elie De Brauwer
060851a4a2 IDOR_intro.adoc: Fix 404 
The closing ')' in the URL was not taken up in the link causing a 404 when clicking the URL.
 2020-05-24 09:57:29 +02:00
Elie De Brauwer
671691a5ed XXE_changing_content_type.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
f326755190 XXE_intro.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
99edda6029 XXE_plan.adoc: Typo fixes 2020-05-24 09:56:43 +02:00
Elie De Brauwer
717f852680 InsecureLogin_intro.adoc: Typo fix 2020-05-24 09:56:43 +02:00
Elie De Brauwer
c42d6b15c3 SecurePasswordsAssignment: Fix output formatting 
- When solving the solution (entering a correct password) then the 'Score: 4/4' does not start on a new line, instead it is glue to the Estimated cracking time line. As a solution the </br> is added as a suffix on that line (and successive lines).
- Maximum score is 4, not 5 (see also the assignment, and https://github.com/nulab/zxcvbn4j/blob/master/src/main/java/com/nulabinc/zxcvbn/TimeEstimates.java#L23 which is the origin of getScore() )
 2020-05-24 09:56:01 +02:00
Elie De Brauwer
dfa3242aeb Delete unused PasswordReset_password_reset_link.adoc 
Not referenced in webgoat-lessons/password-reset/src/main/resources/html/PasswordReset.html, looks like a placeholder/dead code.
 2020-05-24 09:39:18 +02:00