5739705d8a
Process review comments
2020-05-22 10:10:42 +02:00
9b72610510
Extend XXE lesson with more content and add solution description
...
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
c4a046bd12
Ch1 less default ( #814 )
...
* random pincode in challenge1
* unit test fix
2020-05-12 08:49:48 +02:00
f520c3589c
flag submission fixed ( #812 )
2020-05-07 11:04:00 +02:00
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests ( #808 )
2020-05-07 08:28:45 +02:00
f4838e1233
add int test for acl
2020-05-01 09:15:29 +02:00
70771ee854
added a webwolf template error page with some explanation and updated 2017 to 2020
2020-04-30 10:21:53 +02:00
9dea696c4c
added int test for IDOR and fixed green button issue ( #801 )
2020-04-29 12:12:11 +02:00
2398949396
added ace js for java
2020-04-28 09:33:54 +02:00
57c008a697
Fix reading file, added try/catch and added tests
2020-04-28 09:25:39 +02:00
2614044918
Fix copying of pictures to WebGoat home directory
2020-04-27 13:07:23 +02:00
1aad57ba55
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
4831338649
Remove explicit HSQLDB property from WebGoat and use the Spring Boot version
2020-04-27 11:45:41 +02:00
3bb7ee46bd
Upgrade to Postgres 10
2020-04-27 11:45:41 +02:00
1a9ce15e99
fix typo (hint3 will not be shown)
2020-04-27 10:44:39 +02:00
9063b4137f
fix 404 links
2020-04-27 10:44:39 +02:00
d7ae3a4391
fix typo
2020-04-27 10:44:39 +02:00
db66c1dd02
fix number of steps
2020-04-27 10:44:39 +02:00
608728b135
fix asciidoc italic format
2020-04-27 10:44:39 +02:00
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
58bc94d1f6
fix green buttons
2020-04-22 16:37:00 +02:00
6f532683a1
lessonplan character updates so it also works on Windows Cp125
2020-04-20 12:54:18 +02:00
6b68a12449
Set more conditions for releasing
2020-04-19 15:42:50 +02:00
27bf08ad5c
Deploy and release on Java 11
2020-04-19 15:42:50 +02:00
52b66ed506
Java 12 is EOL so no need to support it
2020-04-19 15:42:50 +02:00
a5350060e1
Add dummy extra method with return type AttackResult because every assignment needs at least one such mapping (in the challenges case this is optional but since the challenges are an extra thing and this is the only assignment which has no such method adding a dummy method makes sense)
2020-04-19 15:42:50 +02:00
4f649234a9
Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown
2020-04-19 15:42:50 +02:00
96412da04e
Remove unused imports and parameters
2020-04-19 15:42:50 +02:00
0015394582
Fix typo
2020-04-19 15:42:50 +02:00
9cb63a7c43
Update to latest surefire plugin otherwise new JUnit 5 test fails
2020-04-19 15:42:50 +02:00
561fb1f7f4
Build matrix for building
2020-04-19 15:42:50 +02:00
3b7481c2a7
Update method signature
2020-04-19 15:42:50 +02:00
f1768bd9a5
small update
2020-04-19 15:42:50 +02:00
407e19638f
Add two more assignments for SQL injection where only filtering is applied.
2020-04-19 15:42:50 +02:00
122cc323f2
Changed the order of explanation of setting up ZAP/Burp a bit (feedback from workshop). This makes the necessary steps more explicit by moving all extra configuration for https etc to the back. So when you follow the lesson you will only setup the minimal and not get confused about things which are only necessary in certain cases
2020-04-19 15:42:50 +02:00
9509993a8f
all tests complete for Password Reset ( #785 )
2020-04-17 15:54:24 +02:00
25e66ae412
use of script console in stead of browser address bar
2020-04-17 15:33:26 +02:00
089952e9ad
quiz fix for CIA, SQL Injection Advanced and XSS + XSS description
...
change in alert(document.cookie)
2020-04-17 15:33:26 +02:00
efc5a870a0
Path traversal windows unittest fix ( #780 )
...
* fixes to support windows and linux/unix/mac
* fix in matcher
2020-04-14 16:13:43 +02:00
0638cae6e5
corrected hints and improved error handling base64 ( #781 )
2020-04-14 16:13:25 +02:00
b8abc99faf
fix for scoreboard after js refactoring
2020-04-08 12:05:01 +02:00
e921fb66a9
actual working version of vulnerable components part 5
2020-04-08 12:05:01 +02:00
e25f7a7560
clean up and update js
2020-04-08 12:05:01 +02:00
c4ae9ae2ab
migrate to JUnit 5 code
2020-04-06 16:02:15 +02:00
c4153ecbfb
Maven owasp dep update ( #776 )
...
* add pmd and owasp dependency check through -P owasp profile
* suppress full stack trace in log
* revert to spring 2.2.0 as 2.2.4 failed in travis
* added owasp dependency check maven configuration details to vulenerable
lesson page 7
2020-04-06 16:01:09 +02:00
bb6d06713f
Fix failing test
2020-03-10 08:03:48 +01:00
14022d88c9
Last assignment now filters out .. and / so encoding plays a role now
2020-03-10 08:03:48 +01:00
d4966b5e71
Fix test cases
2020-03-10 08:03:48 +01:00
b3840e60e3
Fix lessons
2020-03-10 08:03:48 +01:00
