dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,021 Commits 11 Branches 78 Tags
Commit Graph

209 Commits

Author SHA1 Message Date
Benedikt - Desktop
75b1895122 Added a new lessons for sql injections on "Compromising confidentiality with String SQL Injection" 2019-03-26 08:43:38 +01:00
Rene Zubcevic
6e36cc1ea4 removed unnecessary interceptors 2019-03-26 08:37:47 +01:00
Rene Zubcevic
1c2648e0a9 disable the fallback to the system locale to fix unit test and establish the desired behaviour 2019-03-26 08:37:47 +01:00
Nanne Baars
ed490a5ecf Fix for #545 
Introduced new macro to make a clear distinction between /WebWolf with
context root and without.
 2019-01-16 11:07:30 +01:00
misfir3
844808bfa7
Merge pull request #485 from matthias-g/fixSQLInjection 
Fix sql injection
 2018-06-13 18:41:05 -06:00
Matthias Grundmann
1d2575a211 Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476 2018-06-13 11:38:33 +02:00
Matthias Grundmann
56fc983414
Update database layout so that proposed solution works 2018-06-12 17:40:28 +02:00
Nanne Baars
fc2c99bcb4 Limit the username to letters and digits only 2018-05-29 16:16:52 +02:00
Nanne Baars
60ef35e241 Working lesson 2018-05-23 14:28:19 +02:00
Nanne Baars
9d7886d572 More JWT work 2018-05-23 14:28:19 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
Jose Selvi
84860e65f6 Insecure Deserialization exercise 2018-05-23 13:58:03 +02:00
Nanne Baars
8050a2b56d XXE lesson not showing correct link for WebWolf 2018-05-01 21:54:28 +02:00
Nanne Baars
e4ca0c4836 Make report working again 2018-04-27 19:26:01 +02:00
Nanne Baars
e422da4c64 Polling for lesson updates (updates the menu and page navigation) 2018-04-27 18:50:13 +02:00
Nanne Baars
245ba2c3d1 Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson. 2018-04-24 20:44:05 +02:00
Nanne Baars
672d78eebc Resource bundle in UTF-8 2018-04-23 16:12:50 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
nbaars
ee11381a63 Fixed database issue mappings 2018-01-21 17:13:28 +01:00
nbaars
2cc6c232e2 Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration 2018-01-15 20:56:59 +01:00
nbaars
a6b9235711 SQL Error '-104' in XSS Lesson Page 7 #416 2018-01-10 12:48:45 +01:00
nbaars
c6e86861fe Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. 2017-12-29 22:12:21 +01:00
nbaars
dd7f4074cd Added encoding for asciidoc 2017-12-28 00:16:16 +01:00
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Nanne Baars
5eed385d5d When an adoc file cannot be found the complete lesson crashed, made it failsafe with a logging statement. 2017-11-17 07:08:24 +01:00
Nanne Baars
fc1353b2f1 Pom cleanup 2017-11-02 16:14:44 +01:00
Nanne Baars
3ee1a1ca16 Travis now builds Docker and create a Github release. 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
 2017-10-18 10:54:16 +02:00
Jason White
d0ec84e9a6 Merge remote-tracking branch 'upstream/develop' into develop 2017-10-11 20:29:47 -06:00
Jason White
b156d81535 Initial cut on CSRF. More to come 2017-10-11 20:06:57 -06:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
c44186f986 start of missing function ac lesson 2017-07-24 16:26:23 -04:00
Jason White
dce962bdeb Updating Category ordering, closer to T10 2017-07-19 15:54:50 -04:00
Jason White
ccb4e3813b #353 - lesson template/guide 2017-06-23 14:46:09 -04:00
Nanne Baars
e9ad20cb30 Make sure we clean all the files below the .webgoat dir 2017-06-15 19:08:19 +02:00
Nanne Baars
a484467419 Adding extra lesson for order by clauses 2017-06-15 19:08:19 +02:00
Nanne Baars
b048988d2f Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page. 
Moved the lessons concerning client side validation to client side category
 2017-06-13 03:22:19 +02:00
Nanne Baars
129e9deba9 Added testcase for SQL injection lesson 2017-05-21 16:40:52 +02:00
Nanne Baars
877de6ebd4 Updated XXE lessons with challenge screens 2017-05-21 12:24:42 +02:00
Nanne Baars
cae937c83e Updated menu item for challenges 2017-05-03 11:51:24 +02:00
Nanne Baars
194a327ad5 Fixed issue when restarting the lesson the menu was not updated (the marker stayed behind) 
Also restarting the lesson was not persisted
 2017-05-03 05:08:00 +02:00
Nanne Baars
454e8d4c14 Solving an assignment twice adds its again which breaks the UI because the endpoint for lessonoverview returns mulitple values for the same assignment. 2017-05-02 04:38:30 +02:00
Jason White
b0f66f16fb initial plumb of scoreboard 2017-05-02 22:24:31 -04:00
Nanne Baars
615ca5afe3 Posting a flag shows a response in the UI (correct or incorrect) 2017-05-02 03:25:31 +02:00
Nanne Baars
a134b25213 Scoreboard now returns the flags captured (title) 2017-05-02 02:45:35 +02:00
Nanne Baars
eb7a6bd2be Creating endpoint for the scoreboard 2017-05-02 02:29:47 +02:00
Nanne Baars
2f72ac4add Merge branch 'develop' into challenge 2017-04-16 08:54:34 +02:00
Nanne Baars
a63bf006d6 Language of the browser not english will crash WebGoat during loading of the asciidoc. This is due to the fact we always presume the lesson plan is available in the browser language. It now falls back to 'en' whenever the lesson cannot be found with the language obtained from the browser. 2017-04-16 07:52:30 +02:00
Nanne Baars
d66db56c86 Added test for LessonMenuService. 2017-04-16 07:28:35 +02:00