Commit Graph

2700 Commits

Author SHA1 Message Date
489bff08f8 cleaning up a bit
git-svn-id: http://webgoat.googlecode.com/svn/trunk@255 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:47:33 +00:00
457a868113 adding XHR lesson
git-svn-id: http://webgoat.googlecode.com/svn/trunk@254 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:46:57 +00:00
4066296d30 changing name of lesson
git-svn-id: http://webgoat.googlecode.com/svn/trunk@253 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:46:18 +00:00
b3591580a9 clarifying instructions and importing a .js
git-svn-id: http://webgoat.googlecode.com/svn/trunk@252 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:45:44 +00:00
dc3ad6453d adding backup files
git-svn-id: http://webgoat.googlecode.com/svn/trunk@251 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:45:23 +00:00
f27dae0773 changing location of RegexMatch.dll
git-svn-id: http://webgoat.googlecode.com/svn/trunk@250 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:45:07 +00:00
8e1fb2caa3 added console debugging line
git-svn-id: http://webgoat.googlecode.com/svn/trunk@249 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:56 +00:00
2bb4df8ef1 added console debugging line
git-svn-id: http://webgoat.googlecode.com/svn/trunk@248 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:43 +00:00
ebfcd02a9f updating AJAX lesson plans
git-svn-id: http://webgoat.googlecode.com/svn/trunk@247 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:27 +00:00
a84d0e951d making ajax impovements
Also convert SQL server file from Unix to DOS line endings


git-svn-id: http://webgoat.googlecode.com/svn/trunk@246 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:44:09 +00:00
a8c87e0704 Move the SQL Server instructions into a single file
Previously, the solution to this lesson involved a complex
set of operations, loading assemblies, creating functions, etc

Now that that is all done during the set up phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@245 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:46 +00:00
1621a39e35 Provide an example of how to override the default setting using environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@244 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:30 +00:00
12554493cd Change the default Oracle password back to webgoat (no _)
No good reason to change it actually.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@243 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:27 +00:00
71330946f4 Make it possible to override WebGoat context settings via environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@242 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:17 +00:00
c31ef90a3d Allow overriding of the WebGoat context setting via environment variables
git-svn-id: http://webgoat.googlecode.com/svn/trunk@241 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:14:06 +00:00
36b32849df Add support for MS SQL Server in the DB Labs
git-svn-id: http://webgoat.googlecode.com/svn/trunk@240 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:52 +00:00
900a222316 Change the default webgoat password
Add an underscore to the password to allow us to keep the same
password across multiple platforms, including those that enforce
password quality (e.g. SQL Server)


git-svn-id: http://webgoat.googlecode.com/svn/trunk@239 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:21 +00:00
cb2a3784b6 Change DBSQLInjection lesson to count the matched rows
This is an improvement over expecting the stored proc
to throw an exception, and is more portable


git-svn-id: http://webgoat.googlecode.com/svn/trunk@238 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:13:13 +00:00
0149a699a3 minor bug fixes.
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@237 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:12:44 +00:00
1ce614f733 Merge with major changes made by Aspect
Several new lessons added


git-svn-id: http://webgoat.googlecode.com/svn/trunk@236 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:12:31 +00:00
137b7c813c several minor bug fixes.
UpdateProfile uses prepared statements.
ReflectedXSS "code" input field vulnerable to XSS.
Minor updates to concurrency cart


git-svn-id: http://webgoat.googlecode.com/svn/trunk@235 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:50 +00:00
6c9c53b938 Remove some unused imports
git-svn-id: http://webgoat.googlecode.com/svn/trunk@234 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:27 +00:00
c3cee22113 Fix database connetion handling.
Oracle requires us to close our connections after each
request (or else implement a connection pool), otherwise
we will end up running out of available connections.

While the mechanism for doing this was added in a previous
change, actually using it correctly was omitted somehow.
Fix that now.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@233 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:11:12 +00:00
aab0125c50 Synchronize access to the DatabaseUtilities core methods
git-svn-id: http://webgoat.googlecode.com/svn/trunk@232 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:39 +00:00
531991f26d Replace the "Stage n" text in the instructions
Since we now use a link in the menu to choose a stage, rather than the
drop down, we need the Stage number to be visible


git-svn-id: http://webgoat.googlecode.com/svn/trunk@231 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:29 +00:00
8b21a7785e Update the DB lessons
git-svn-id: http://webgoat.googlecode.com/svn/trunk@230 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:10:10 +00:00
d9cf56268e Fix line endings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@229 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:49 +00:00
427832411c Fix line endings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@228 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:41 +00:00
5457faf9a3 Add Rogan Dawes to the challenge screen as a contributor
git-svn-id: http://webgoat.googlecode.com/svn/trunk@227 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:33 +00:00
647c0c4a34 Allow accessing Web Services when WebGoat is on a non-standard port
git-svn-id: http://webgoat.googlecode.com/svn/trunk@226 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:27 +00:00
64ce7068c4 Move the Thread Safety lesson into the Concurrency category
git-svn-id: http://webgoat.googlecode.com/svn/trunk@225 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:13 +00:00
92072f3921 Update the Challenge Stage 2 to be more realistic
git-svn-id: http://webgoat.googlecode.com/svn/trunk@224 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:09:00 +00:00
af8e61eb9f Change the line endings on the instructions
git-svn-id: http://webgoat.googlecode.com/svn/trunk@223 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:08:48 +00:00
2fd09c3084 Add a new Concurrency lesson
Created by Ryan Knell @Aspect Security


git-svn-id: http://webgoat.googlecode.com/svn/trunk@222 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-10 10:08:45 +00:00
3b128c8ebb Removed space from path information
git-svn-id: http://webgoat.googlecode.com/svn/trunk@221 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-09 19:50:49 +00:00
84ca966ce5 Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with a OnClick function, corrected authorship in several files
git-svn-id: http://webgoat.googlecode.com/svn/trunk@220 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-09 13:28:07 +00:00
3645564018 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@219 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-08 12:53:09 +00:00
d92c716ff4 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@218 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-08 12:51:13 +00:00
23e7fe1f4f Build cleanup in order to create a complete developer distribution. More menu cleanup
git-svn-id: http://webgoat.googlecode.com/svn/trunk@217 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-03 21:09:17 +00:00
f6e0cb7ed0 Don't know what these are?
git-svn-id: http://webgoat.googlecode.com/svn/trunk@216 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-03 21:06:52 +00:00
822ce10ca2 5.1 RC2 build updates
git-svn-id: http://webgoat.googlecode.com/svn/trunk@215 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-02 14:05:58 +00:00
c1f55215a8 Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@214 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-01-02 13:48:19 +00:00
ee0bc82bec Single platform build.xml
Modified Lesson banners
Solutions guide and framework

git-svn-id: http://webgoat.googlecode.com/svn/trunk@213 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-10-08 20:37:43 +00:00
a9fe7e6099 Implement non-coding modes for the labs
git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:57:57 +00:00
f62eb33c4b Commit Dave's fixes
git-svn-id: http://webgoat.googlecode.com/svn/trunk@210 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:57:17 +00:00
d9979e46ed Another place where we need to compare without case
git-svn-id: http://webgoat.googlecode.com/svn/trunk@209 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:51 +00:00
b67bb702d2 Fix more places where the email address was hard-coded
git-svn-id: http://webgoat.googlecode.com/svn/trunk@208 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:35 +00:00
6de7bd9ec9 Fix the feedback address in other places
git-svn-id: http://webgoat.googlecode.com/svn/trunk@207 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:56:06 +00:00
d65f5bfd85 Make the stages not right aligned
git-svn-id: http://webgoat.googlecode.com/svn/trunk@206 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:55:57 +00:00
7fd112bc5d Update Random Access Lessons to not include the stage number in the text
We add the stage number programmatically now, since we want to be able
to skip some stages.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@205 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:55:49 +00:00