dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,885 Commits 11 Branches 78 Tags
7c92d625ddbdd4c9c9f1c07b46c2a1445a099d16
Commit Graph

2885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
wirth.marcel
82e32acb77 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-07 14:28:38 +00:00
mayhew64
84f01ba70a Fix for Issue 5. Removed single ticks on hint for order by clause. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@295 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:54:36 +00:00
mayhew64
ce703bc67d Fix for Issue 5. Removed single ticks on hint for order by clause. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@295 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:54:36 +00:00
mayhew64
f3058bafbd Issue 6 Fix - Change netstat protocols to lower case to support unix. Some windows protocols will not work on unix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@294 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:33:17 +00:00
mayhew64
99ec50f096 Issue 6 Fix - Change netstat protocols to lower case to support unix. Some windows protocols will not work on unix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@294 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-04 12:33:17 +00:00
mayhew64
531bf627c3 Minor FAQ change 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@288 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:58:37 +00:00
mayhew64
ed10cb41b3 Minor FAQ change 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@288 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:58:37 +00:00
mayhew64
a8db8989c8 Reformat of Java source. Added JavaStyle format definitions. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@287 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:29:19 +00:00
mayhew64
841c995be7 Reformat of Java source. Added JavaStyle format definitions. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@287 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-27 00:29:19 +00:00
mayhew64
cbdff41aa8 Added webgoat.sh to all builds 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@277 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-06 13:33:36 +00:00
mayhew64
a2bc152f80 Added webgoat.sh to all builds 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@277 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-06 13:33:36 +00:00
mayhew64
32fb29b6ee Changed ExecuteQuery to executeUpdate to remove empty result set error which stopped the lesson from working for HSQLDB 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@276 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:24:20 +00:00
mayhew64
80c1b16f3e Changed ExecuteQuery to executeUpdate to remove empty result set error which stopped the lesson from working for HSQLDB 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@276 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:24:20 +00:00
mayhew64
742f1faa0b Obsolete file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@275 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:19:09 +00:00
mayhew64
5e8f7c7096 Obsolete file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@275 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:19:09 +00:00
rogan.dawes
e64d676f06 fixing typo / bug 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@274 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:21 +00:00
rogan.dawes
dbfabf44b3 fixing typo / bug 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@274 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:21 +00:00
rogan.dawes
b0b94c4688 Miscellaneous bug fixes 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:11 +00:00
rogan.dawes
f7a19f534c Miscellaneous bug fixes 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk@273 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:11 +00:00
mayhew64
72c18c5426 Removed space from " webgoat" directory name 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@272 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-12 17:42:01 +00:00
rogan.dawes
280b46029b Make stage completion messages appear in a logical order 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@270 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 20:43:48 +00:00
rogan.dawes
45d7b763d4 Remove an unnecessary printStackTrace() 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@269 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 20:21:10 +00:00
mayhew64
cbb5358485 Changes for OWASP Developer build for 5.1 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@268 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 17:44:49 +00:00
mayhew64
b7156e12da Added hint about extra "." in http://localhost./ 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@267 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 17:39:07 +00:00
mayhew64
36ca8e5598 Challenge jsp is supposed to be a clone of the webgoat.jsp 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@266 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:48:42 +00:00
mayhew64
ef79edca0a Changes for OWASP Standard build for 5.1 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@265 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:43:46 +00:00
mayhew64
aa62ffbb71 No longer delivering standalone war 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@264 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 13:36:06 +00:00
mayhew64
6834cac8fa Commented out console debugging output 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@263 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:57:39 +00:00
mayhew64
8e83229be8 Show solution button graphics 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@262 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:52:37 +00:00
mayhew64
97a1291648 Java mail APIs for unchecked email lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@261 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 12:50:27 +00:00
rogan.dawes
d8f7ce2a4f Add a link to the WSDL file in the 3rd stage of SOAPRequest 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@260 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:52:02 +00:00
rogan.dawes
1b6789304c Fix a hint to refer to the right field 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@259 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:51:43 +00:00
rogan.dawes
8d85b2da23 Change UpdateProfile to always use a PreparedStatement, to avoid SQL Injection attacks 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@258 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:49:12 +00:00
rogan.dawes
f78d70a8e7 Only mark Stage 1 complete when someone else views the exploit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@257 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:48:30 +00:00
rogan.dawes
dd6a893f28 minor changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@256 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:48:01 +00:00
rogan.dawes
489bff08f8 cleaning up a bit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@255 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:47:33 +00:00
rogan.dawes
457a868113 adding XHR lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@254 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:46:57 +00:00
rogan.dawes
4066296d30 changing name of lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@253 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:46:18 +00:00
rogan.dawes
b3591580a9 clarifying instructions and importing a .js 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@252 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:44 +00:00
rogan.dawes
dc3ad6453d adding backup files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@251 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:23 +00:00
rogan.dawes
f27dae0773 changing location of RegexMatch.dll 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@250 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:45:07 +00:00
rogan.dawes
8e1fb2caa3 added console debugging line 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@249 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:56 +00:00
rogan.dawes
2bb4df8ef1 added console debugging line 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@248 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:43 +00:00
rogan.dawes
ebfcd02a9f updating AJAX lesson plans 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@247 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:27 +00:00
rogan.dawes
a84d0e951d making ajax impovements 
Also convert SQL server file from Unix to DOS line endings


git-svn-id: http://webgoat.googlecode.com/svn/trunk@246 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:44:09 +00:00
rogan.dawes
a8c87e0704 Move the SQL Server instructions into a single file 
Previously, the solution to this lesson involved a complex
set of operations, loading assemblies, creating functions, etc

Now that that is all done during the set up phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@245 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:46 +00:00
rogan.dawes
1621a39e35 Provide an example of how to override the default setting using environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@244 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:30 +00:00
rogan.dawes
12554493cd Change the default Oracle password back to webgoat (no _) 
No good reason to change it actually.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@243 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:27 +00:00
rogan.dawes
71330946f4 Make it possible to override WebGoat context settings via environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@242 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:17 +00:00
rogan.dawes
c31ef90a3d Allow overriding of the WebGoat context setting via environment variables 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@241 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-10 10:14:06 +00:00