dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,312 Commits 11 Branches 78 Tags
Commit Graph

192 Commits

Author SHA1 Message Date
Nanne Baars
6b7678fb1d Remove old files 2020-03-10 08:03:48 +01:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
a8118a14cd add support for status 403 feedback from e.g. ModSecurity/CRS 2020-02-28 23:06:42 +01:00
Nanne Baars
edd6b7d7cf Reset lesson bug (#741) 
* Remove old code from UI

* Remove old code

* Remove old functions

* Remove unnecessary divs

* Remove logging to console

* Clear lesson messages (checkmark, output text etc) when lesson resets
 2020-01-05 20:22:50 +01:00
Nanne Baars
0d7daf60d9 Fix broken e-mail link (#738) 2020-01-05 15:05:51 +01:00
René Zubcevic
b5e5dd1d13
Crypto lesson (#712) 
* crypto lesson added

* signing assignment

* integration test added for signing assignment

* added more hints

* corrections after rebase

* added some explanation

* added security defaults assignment
 2019-11-23 21:52:14 +01:00
Nanne Baars
9c0b7f8233 Fix version substitution so WebGot home directory contains version number instead of @project.version@ in the name (#710) 2019-11-17 14:33:24 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
f7b794bf68 Race condition in counting number of attempts #567 (#697) 
Add version to Hibernate mapping so we get optimistic locking this solves
number of parallel calls trying to update/guess and mess with the lesson
counter
 2019-11-03 18:14:15 +01:00
Nanne Baars
9b87fd602c Explicitly set session persistence to false (result in non serializable exception) 2019-10-30 08:28:14 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
Nanne Baars
2a6b3d189e Disable csrf through property no longer works and we already have it in WebSecurityConfig. Thymeleaf templates caching is set on the resolvers themselves 2019-10-30 08:28:14 +01:00
René Zubcevic
e0ac4a1083
lessons in correct order and scoreboard visible again (#680) 2019-10-10 09:45:43 +02:00
Nanne Baars
35c1305ce9 Merge conflicts resolved 2019-09-23 07:34:27 +02:00
René Zubcevic
4777dab57a review comments processed 2019-09-18 17:46:32 +02:00
Rene Zubcevic
ec236a4ff5 First steps in XXE integration tests 2019-09-18 14:48:34 +02:00
Nanne Baars
361249c666 First attempt at moving to Spring Boot 2 2019-09-12 17:22:03 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00
René Zubcevic
ae674b9297
Merge pull request #620 from zubcevic/july2019-bugfixes 
increased sql form fields and fixed chrome progress
 2019-07-25 08:39:34 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
René Zubcevic
f9e78739f3 reverted mandatory file encoding which will make it worse on windows 2019-07-20 09:13:21 +02:00
Rene Zubcevic
656fa40182 style sheet and advanced sql 2019-07-19 16:49:30 +02:00
Rene Zubcevic
12de48ebbb additional environment entries to support https on webgoat 2019-07-14 12:18:07 +02:00
Benedikt - Desktop
27a61f0f70 Reworked and styled quiz 2019-03-26 08:43:38 +01:00
Benedikt - Desktop
0915bf3d7f Changed checkboxes to radio buttons, since it is single choice. 
Moved css to seperate css file.
Made questions clickable not just the checkbox.
Reworked java code.
Work in Progress...
 2019-03-26 08:43:38 +01:00
Max Geldner
8b61811278 Added doc to quiz js 2019-03-26 08:43:38 +01:00
Max Geldner
4cdd649a5a Added html mode for code editor 2019-03-26 08:43:38 +01:00
Max Geldner
3a7601d348 Moved js files to global directory, added id system to question json 2019-03-26 08:43:38 +01:00
misfir3
a41ff0083c
Merge pull request #479 from misfir3/develop 
Recent updates, including Missing Function AC content & patch for Vuln Components Lesson
 2018-06-13 18:44:09 -06:00
Matthias Grundmann
bae3e75ae2 Fix minor issues in hint view 2018-06-12 11:02:16 +02:00
Matthias Grundmann
89f6a73275
Fix next page button when url doesn't end with page number 2018-06-07 19:07:58 +02:00
Jason
1734170e9e updates to missing function ac lesson 2018-06-04 16:53:13 -06:00
Nanne Baars
ecb7688e08 Update to new version for develop 
Move WebWolf to port 9090 easier since most of the time something is running on 8081
Add scripts for easy building Docker files etc
 2018-05-30 13:17:05 +02:00
Nanne Baars
f8a7a61e85 New lesson working 2018-05-26 15:09:18 +02:00
Nanne Baars
dda6f674a3 Last assignment for JWT tokens finished 2018-05-23 14:28:19 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
Jason
a73bf58d36 more hintview patching 2018-05-23 13:35:51 +02:00
Jason
0ff6000511 wiring jqueryui to vuln jquery #368 2018-05-23 13:35:51 +02:00
Jason
91d9db5f80 work-arounds, fixes for page initialization and some clean-up 2018-05-23 13:35:51 +02:00
pjhggns
6a5ca43e7e Strip out slash-escaped JSON sequence received in client. 
The server will slash-escape some JSON related characters before sending. Need to strip them out before using, on the client side.
 2018-05-02 22:21:22 +02:00
miig
9aa674e326 stringfy object so it's visible in the console 2018-05-02 22:04:25 +02:00
Nanne Baars
6b4a488c8c Users shared now between WebGoat and WebWolf by starting HSQLDB 
as standalone database
 2018-05-01 22:00:07 +02:00
Nanne Baars
11ffa5702c Added "WebWolf" enabled to the lessons which support the usage of WebWolf 2018-04-29 15:02:19 +02:00
Nanne Baars
e4ca0c4836 Make report working again 2018-04-27 19:26:01 +02:00
Nanne Baars
e422da4c64 Polling for lesson updates (updates the menu and page navigation) 2018-04-27 18:50:13 +02:00
Nanne Baars
245ba2c3d1 Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson. 2018-04-24 20:44:05 +02:00
nbaars
98efc1235f By default binds to ALL network interfaces #431 2018-01-29 15:32:02 +01:00
nbaars
04ccf9a422 New release should create a new webgoat directory with version tag inside #423 2018-01-21 17:46:43 +01:00
nbaars
05d8b590f3 Merge tag '8.0.0' into develop 
Release 8.0.0
 2017-12-30 16:52:24 +01:00
nbaars
c6e86861fe Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. 2017-12-29 22:12:21 +01:00