dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,311 Commits 11 Branches 78 Tags
Commit Graph

55 Commits

Author SHA1 Message Date
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
Tiago Mussi
c4c28f544f Fixed CSRF broken links. 2020-03-06 17:15:10 +01:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
Nanne Baars
71f2d2968f Fix NPE when request does not contain parameter (#739) 2020-01-05 15:14:53 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
f40b6ffd31 Moving back to snapshot 2019-11-13 12:27:26 +01:00
Nanne Baars
fe2ac1b8d4 New release, updating pom.xml 2019-11-12 09:22:45 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Rene Zubcevic
6dc679e7b8 final tests and fixed the issue of getting the name of the loggedinuser 2019-10-15 13:59:18 +02:00
Rene Zubcevic
00873cfe3f csrf7 test cases added 2019-10-15 13:59:18 +02:00
Rene Zubcevic
e932253f06 initial test cases added 2019-10-15 13:59:18 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
Nanne Baars
2b01cbcb75 Fixed last tests 2019-09-16 07:43:22 +02:00
Nanne Baars
f774364461 Working unit tests 2019-09-13 20:05:25 +02:00
Nanne Baars
361249c666 First attempt at moving to Spring Boot 2 2019-09-12 17:22:03 +02:00
Matthias Grundmann
139651615e Make lesson csrf-7 stricter (do not allow invalid JSON, e.g. trailing =) 2019-08-22 17:44:52 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
Matthias Grundmann
97f66545e0
In CSRF-3 use POST instead of GET to prevent solving the assignment just by opening the URL in a new tab 2019-07-12 17:25:58 +02:00
Nanne Baars
98537426f2 SNAPSHOT version 2019-05-03 11:15:11 +02:00
Nanne Baars
9b0c4e62c2 New release, updating pom.xml 2019-05-03 09:50:01 +02:00
Nanne Baars
bd86dc6ee0 SNAPSHOT version 2019-02-09 18:20:08 +01:00
Nanne Baars
6c86929aa6 New release, updating pom.xml 2019-02-08 14:20:23 +01:00
Nanne Baars
631fedb752 New release, updating pom.xml 2019-01-18 08:45:44 +01:00
Nanne Baars
9be4361afc New release, updating pom.xml 2019-01-18 08:37:26 +01:00
Nanne Baars
ec225558b9 Move to latest Spring Boot version and move to Java 11 2018-12-15 13:59:54 +01:00
Nanne Baars
1252e3dc21 Update instructions to use docker-compose only 2018-07-17 20:17:35 +02:00
Nanne Baars
ac12a009e4 New release v8.0.0.M20 2018-06-20 18:05:59 +02:00
Nanne Baars
9dd93d88d9 New release v8.0.0.M19 2018-06-20 16:40:28 +02:00
Nanne Baars
12123ef13b Merge branch 'release/v8.0.0.M18' 2018-06-20 16:32:31 +02:00
Matthias Grundmann
c7da546249 Improve text for lesson about CSRF login 2018-06-16 17:52:18 +02:00
misfir3
701a99cf8f
Merge pull request #487 from matthias-g/xssFixes 
Small lesson improvements
 2018-06-13 18:42:14 -06:00
Matthias Grundmann
e5ec2c1ee0
Fix html attribute 2018-06-13 17:56:57 +02:00
Matthias Grundmann
3b9b695ef1 Check host header instead of origin which might not be present #475 2018-06-13 11:38:33 +02:00
Nanne Baars
26aa72e721 New release 2018-05-30 20:54:13 +02:00
Nanne Baars
c510bd9bf1 New develop version 2018-05-30 20:37:25 +02:00
Nanne Baars
c7a714a590 Move to next release 2018-05-30 17:05:50 +02:00
Nanne Baars
ecb7688e08 Update to new version for develop 
Move WebWolf to port 9090 easier since most of the time something is running on 8081
Add scripts for easy building Docker files etc
 2018-05-30 13:17:05 +02:00
Nanne Baars
55793dd153 New release v8.0.0.M15 2018-05-27 20:54:50 +02:00
Nanne Baars
1edceb0aa8 Extended and fixed some lessons 2018-05-27 20:37:44 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
miig
5d28ef9fbe small fix for CSRF content type lesson descrption 2018-05-02 22:10:06 +02:00
Nanne Baars
f30db3abfc New version number 2018-04-11 20:45:12 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Nanne Baars
f91f77708a New version 2017-11-02 21:44:30 +01:00
Nanne Baars
a11d3d0b1b - Made movie little bit shorter because webgoat-server.jar was over 200Mb 
- Movie was copy and pasted to csrf and auth lesson removed it from those lessons
- Made jars which are not necessary in the webgoat-server.jar optional
 2017-11-02 15:39:49 +01:00
Nanne Baars
1ecb43092d Bumped version number 2017-10-18 19:58:14 +02:00
Nanne Baars
8250b4048f Updating version number 2017-10-18 19:43:33 +02:00
Jason White
49c3008fe2 Typo fix for CSRF content 2017-10-13 10:33:38 -06:00