69a93f30d2 
					 
					
						
						
							
							update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0658fcefcd 
					 
					
						
						
							
							update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:03 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d41d21b2e6 
					 
					
						
						
							
							Update the documentation  
						
						
						
						
					 
					
						2021-12-15 17:45:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						939f860ddd 
					 
					
						
						
							
							renamed spoof-cookie form  
						
						
						
						
					 
					
						2021-12-08 19:37:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d496c929b3 
					 
					
						
						
							
							Use variables to check WebWolf host and port  
						
						... 
						
						
						
						WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.
Resolves : #1055  
						
						
					 
					
						2021-11-23 13:22:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f8dda37027 
					 
					
						
						
							
							Rename properties  
						
						... 
						
						
						
						Rename `webwolf.url.*` to `webwolf.*.url` making it easier to move to a configuration class as no nested property is necessary 
						
						
					 
					
						2021-11-23 13:22:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dd2e9f074d 
					 
					
						
						
							
							Hijack Session Lesson  
						
						
						
						
					 
					
						2021-11-19 13:07:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fc6b0f28df 
					 
					
						
						
							
							Add endpoint for the JavaScript to post to  
						
						... 
						
						
						
						The JavaScript posts to a random endpoint resulting in a HTTP/405 we now post to an existing endpoint.
Resolves : #1142  
						
						
					 
					
						2021-11-16 16:34:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f13632578d 
					 
					
						
						
							
							Fix layout of assignment and remove duplicate feedback  
						
						... 
						
						
						
						Resolves : #1143  
					
						2021-11-16 16:34:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b23b428763 
					 
					
						
						
							
							Fix spelling/grammar  
						
						... 
						
						
						
						Resolves : #1143  
					
						2021-11-16 16:34:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						32a41debad 
					 
					
						
						
							
							Fix spelling/grammar and reference to ZAP 2.8.0  
						
						... 
						
						
						
						Resolves : #1141  
					
						2021-11-16 16:33:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fafddda82a 
					 
					
						
						
							
							Update ZAP instructions  
						
						... 
						
						
						
						We reference ZAP 2.8.0 explicitly which is not necessary. Also the way ZAP works changed, we no longer need to change the port as ZAP will report there is a conflict during startup.
Resolves : #1141  
						
						
					 
					
						2021-11-16 16:33:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5bf33db78f 
					 
					
						
						
							
							Remove obsolete hints  
						
						
						
						
					 
					
						2021-11-16 16:33:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						20d7015dff 
					 
					
						
						
							
							Move unit test to JUnit 5  
						
						
						
						
					 
					
						2021-11-16 16:33:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2fbc52e6a2 
					 
					
						
						
							
							Remove some unused code  
						
						
						
						
					 
					
						2021-11-16 16:33:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ab0433bb67 
					 
					
						
						
							
							Fix link and typo  
						
						... 
						
						
						
						The link pointed to the old OWASP website. Also fixed some typos here and there
Resolves : #1136  
						
						
					 
					
						2021-11-16 16:33:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f2f7f36a6d 
					 
					
						
						
							
							Fix typo in hints  
						
						... 
						
						
						
						The hints for JWT used `jwt` instead of `JWT` which makes it difficult to solve the lesson as the hint actually points someone in the wrong direction.
Resolves : #123  
						
						
					 
					
						2021-11-16 16:32:57 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ad51e6d6b 
					 
					
						
						
							
							Rewrite lesson to be self-contained and not depend on the core of WebGoat for fetching users  
						
						... 
						
						
						
						Split the assignment into 2 assignments 
						
						
					 
					
						2021-11-16 16:32:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2bd6b36210 
					 
					
						
						
							
							Fix layout assignment 2  
						
						
						
						
					 
					
						2021-11-16 16:32:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bcaf4485c2 
					 
					
						
						
							
							Move css to lesson itself  
						
						
						
						
					 
					
						2021-11-16 16:32:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cd2e1c1c09 
					 
					
						
						
							
							Fix spelling issues  
						
						
						
						
					 
					
						2021-11-16 16:32:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c7e04cef97 
					 
					
						
						
							
							Add logging to pom.xml  
						
						
						
						
					 
					
						2021-11-16 16:24:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fa2769cb25 
					 
					
						
						
							
							Updating poms  
						
						
						
						
					 
					
						2021-11-16 16:24:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1a64fcd8d4 
					 
					
						
						
							
							Recommit logging lesson as PR got a lot of conflicts  
						
						
						
						
					 
					
						2021-11-16 16:24:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ff67ee6484 
					 
					
						
						
							
							Update to correct version  
						
						
						
						
					 
					
						2021-10-04 14:40:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a7b9954d0f 
					 
					
						
						
							
							1101: fix quoting in statement  
						
						
						
						
					 
					
						2021-10-02 17:39:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dfa0e1cdca 
					 
					
						
						
							
							XSS Lesson one boolean response  
						
						... 
						
						
						
						Signed-off-by: Àngel Ollé Blázquez <angel@olleb.com > 
						
						
					 
					
						2021-10-02 01:09:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						14a6efedf3 
					 
					
						
						
							
							Add extra documentation for using the correct algorithm but removing the signature.  
						
						
						
						
					 
					
						2021-09-29 15:21:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						362248a065 
					 
					
						
						
							
							Fix token signature validation  
						
						
						
						
					 
					
						2021-09-29 13:51:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						04d1293a33 
					 
					
						
						
							
							#1045 : Run build with Java 16  
						
						
						
						
					 
					
						2021-09-23 16:09:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8e567b0f86 
					 
					
						
						
							
							Spoofing an Authentication Cookie lesson  
						
						
						
						
					 
					
						2021-09-23 15:51:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						42369816c9 
					 
					
						
						
							
							1026 ( #1047 )  
						
						... 
						
						
						
						* Move back to Java 15 as XML parsers fail with XXE lesson
* Documentation improvement 
						
						
					 
					
						2021-09-17 13:46:58 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7ec6826abc 
					 
					
						
						
							
							#1031 : Fix lesson  
						
						... 
						
						
						
						- Hints not shown
- Add more hints
- Incorrect grant statement in lesson as example (removed it) 
						
						
					 
					
						2021-09-05 14:32:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a14e84d5c5 
					 
					
						
						
							
							#1039 : Fix token  
						
						... 
						
						
						
						Replace `name` with `user` and add `admin` 
						
						
					 
					
						2021-09-05 13:07:56 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						14ab2faeaf 
					 
					
						
						
							
							Bump jsoup in /webgoat-lessons/cross-site-scripting  
						
						... 
						
						
						
						Bumps [jsoup](https://github.com/jhy/jsoup ) from 1.13.1 to 1.14.2.
- [Release notes](https://github.com/jhy/jsoup/releases )
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES )
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.13.1...jsoup-1.14.2 )
---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
					 
					
						2021-09-04 16:28:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6aaa743302 
					 
					
						
						
							
							Fix vulnerable components lesson for Java 16.  
						
						
						
						
					 
					
						2021-09-04 16:08:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d566080a79 
					 
					
						
						
							
							fix typo  
						
						
						
						
					 
					
						2021-08-14 10:52:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						60bd04b9aa 
					 
					
						
						
							
							Move to snapshot version  
						
						
						
						
					 
					
						2021-07-29 11:13:16 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a641a19615 
					 
					
						
						
							
							Add zip slip to path traversal lesson  
						
						
						
						
					 
					
						2021-05-23 21:18:56 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						81c551552b 
					 
					
						
						
							
							Fix layout issue image  
						
						
						
						
					 
					
						2021-05-23 20:11:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						69a370f438 
					 
					
						
						
							
							New release, updating pom.xml  
						
						
						
						
					 
					
						2021-05-23 20:11:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a53ba0af5c 
					 
					
						
						
							
							Fix for accidentally disabled integration tests ( #997 )  
						
						... 
						
						
						
						* drop column is no longer required due to better db seperation
'
* integration test fix with BeforeAll 
						
						
					 
					
						2021-05-19 18:20:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a1071e9c00 
					 
					
						
						
							
							Fix return type of asciidoctor macro implementation.  
						
						
						
						
					 
					
						2021-04-23 15:11:56 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						38f1d52bf3 
					 
					
						
						
							
							Corrected typos and poor grammar found in the SQL Injection lessons.  
						
						
						
						
					 
					
						2021-04-16 13:29:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e49f5d610f 
					 
					
						
						
							
							#961 : Give each user its own schema for the lessons  
						
						... 
						
						
						
						This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance 
						
						
					 
					
						2021-04-16 13:28:07 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d0f36f5227 
					 
					
						
						
							
							Fix failing XXE test  
						
						
						
						
					 
					
						2021-04-03 22:31:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b3f7a5338e 
					 
					
						
						
							
							Update to latest versions  
						
						
						
						
					 
					
						2021-04-03 10:58:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						abf431fffb 
					 
					
						
						
							
							Remove unnecessary plugins in subprojects  
						
						
						
						
					 
					
						2021-04-03 10:58:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82198424df 
					 
					
						
						
							
							Corrected typos and poor grammar found in the SQL Injection lessons.  
						
						
						
						
					 
					
						2021-04-02 21:31:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ba2cb7d14f 
					 
					
						
						
							
							#974 : Update the lesson text  
						
						
						
						
					 
					
						2021-04-02 07:31:19 +02:00