dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72 Commits 11 Branches 78 Tags
Commit Graph

72 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
esheri3
7cd01d8656 The old Course object used some insane recursion, causing my JVM to spike at 100%. Furthermore, it increased the WebGoat initial startup time to roughly 1:30-2:00 minutes (for me). In order to address the disk access overhead (the current greatest impacter of performance), we now cache the file names before parsing the lessons and their resources. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@72 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 22:25:50 +00:00
esheri3
88553e25f2 Minor spelling issue in hint. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@71 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 20:14:43 +00:00
esheri3
aa839396f2 Added a <br/> to break the third bullet. Modified the bullet text slightly (removed the "Also, you can") 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@70 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 20:12:49 +00:00
esheri3
da81501499 Modified input fields so they line up better. In IE7, the input text boxes were over flowing the background image. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@69 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 19:06:55 +00:00
esheri3
69d8a6e92a Modified input fields so they line up better. In IE7, the input text boxes were over flowing the background image. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@68 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 19:06:32 +00:00
esheri3
5565d02de6 Modified input fields so they line up better. In IE7, the input text boxes were over flowing the background image. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@67 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 19:06:01 +00:00
esheri3
edbd6446b6 Very minor spacing issue. Commented out a nbsp and modified the contact information to utilize two columns. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@66 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 18:45:32 +00:00
esheri3
f6d5fbfc50 I was getting an empty string and a ".svn" file in the "Help File" drop-down box. Modified parseResults() to ensure that the file is not an empty string and the file ends with ".help" 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@65 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 18:33:50 +00:00
esheri3
a90d292239 Fixed spelling mistakes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@64 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 18:10:06 +00:00
esheri3
3ae171c303 Fixed a few spelling mistakes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@63 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 17:42:32 +00:00
mayhew64
dfdfb8bcaf Update info for OWASP build and for Release 5.0 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@62 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 16:03:43 +00:00
mayhew64
8b51818508 Changed remaining contact information to reference an email address I receive (webgoat@g2-inc.com) 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@61 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 18:29:06 +00:00
mayhew64
fd9b60f98e Added some files required to build OWASP release. 
Modified License text and format to reflect GPL license.
Reformatted most of the code.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@60 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 14:56:40 +00:00
sherif.fathy
036964495b Fixed comments by Bruce 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@59 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-11 05:14:09 +00:00
sherif.fathy
2fdf823259 Changed BackDoors lessons to be a little bit clearer, added more hints. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@58 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-31 07:35:58 +00:00
sherif.fathy
c469a8b0a1 Fixed HttpSplitting and CSRF per Bruce's requests 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@57 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-31 06:32:32 +00:00
sherif.fathy
ae225126ae Changed CSRF per Bruce's comments 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@56 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-30 17:30:30 +00:00
sherif.fathy
63043b0f34 Modified Silent Transactions and XML Injection lesson per Bruce's comments 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@55 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-30 08:07:48 +00:00
sherif.fathy
ba38b57a44 Modified DOMInjection per Bruce's comments 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@54 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-29 16:43:59 +00:00
sherif.fathy
0429f917bc git-svn-id: http://webgoat.googlecode.com/svn/trunk@53 4033779f-a91e-0410-96ef-6bf7bf53c507 2006-12-29 05:13:24 +00:00
mayhew64
f19330db4b Changed help text 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@52 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-29 05:11:40 +00:00
mayhew64
cd4e6a3b95 Minor nits 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@51 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-29 04:51:37 +00:00
mayhew64
59c2427f0d V5 front page 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@50 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-29 03:59:37 +00:00
sherif.fathy
37c56c748d modified CSRF to add an actual attack 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@49 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-28 16:59:02 +00:00
sherif.fathy
5e061d5bad Added JSONInjection, SilentTransactions 
Modified The install guide

git-svn-id: http://webgoat.googlecode.com/svn/trunk@48 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-28 15:35:10 +00:00
sherif.fathy
af2df52e91 Added Backdoors lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@47 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-25 17:20:01 +00:00
mayhew64
3732cd80af Logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@46 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:44:57 +00:00
mayhew64
05305c0096 replaced by lab properties 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@45 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:40:23 +00:00
mayhew64
857799f855 Minor syntax cleanup 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@44 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:38:45 +00:00
mayhew64
a394e58093 Missing Div tag 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@43 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:34:56 +00:00
mayhew64
159f691b4b Build Procedures 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@42 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:34:09 +00:00
sherif.fathy
67497f0919 Added a hint in log spoofing instructions for the user to add a script in the log file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@41 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-23 00:39:18 +00:00
sherif.fathy
7acbacbe61 Added Cache Poisining lesson as a staged lesson to HTTP Splitting lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@40 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-23 00:24:47 +00:00
sherif.fathy
9f76aeb38f More changes to the response splitting lesson plan. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@39 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-22 00:49:29 +00:00
sherif.fathy
1d67443b22 Removed some commented code and added more description to the HTTP Splitting lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@38 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-22 00:20:31 +00:00
sherif.fathy
575d040c24 Added XMLInjection lesson 
Modified DOM Injection lesson
Added gratification to http splitting

git-svn-id: http://webgoat.googlecode.com/svn/trunk@37 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-21 04:39:32 +00:00
sherif.fathy
60d65681ff Renamed XMLInjection to XPATHInjection 
Made some changes to the lesson according to Jeff's comments

git-svn-id: http://webgoat.googlecode.com/svn/trunk@36 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-16 23:38:02 +00:00
sherif.fathy
296254e279 This patch contains the HTTP connector that intercepts the requests to the application and tries to communicate with OSG. 
It also contains the DOM Injection lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@35 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-16 22:39:14 +00:00
sherif.fathy
80a2add2d7 - This patch fixes Forced Browsing lesson by removing any custom coding for WebSession and HammerHead.java 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@34 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-04 04:35:04 +00:00
sherif.fathy
51d40b7b22 - Contains the XMLInjection lesson. 
- New files added:
  XMLInjection.html, XMLInjection.java and XMLInjection/EmployeesData.xml

git-svn-id: http://webgoat.googlecode.com/svn/trunk@33 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-02 19:45:59 +00:00
sherif.fathy
c2aee8017e git-svn-id: http://webgoat.googlecode.com/svn/trunk@32 4033779f-a91e-0410-96ef-6bf7bf53c507 2006-11-11 22:42:54 +00:00
sherif.fathy
99779ea2e9 Add a new lesson "How to add a new lesson" under new category "New Lessons" 
Modified the existing lessons to present the solution in the last hint

git-svn-id: http://webgoat.googlecode.com/svn/trunk@31 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-11 22:41:42 +00:00
mayhew64
e5b3b00b0f General cleanup of warnings, fixed a few method scope issues and incorrect use of static references to categories 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@30 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-03 23:55:08 +00:00
sherif.fathy
fae3c3f047 patch to fix a last minute typo and an unwanted import statement 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@29 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-03 02:50:12 +00:00
sherif.fathy
6a59cd6e6e git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507 2006-11-03 01:14:36 +00:00
sherif.fathy
ca2dfa27d1 * Log spoofing lesson this includes the following file: 
- LogSpoofing.html
  - LogSpoofing.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@27 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-01 02:26:51 +00:00
sherif.fathy
1a9d859507 - Updated a comment and removed some unused imports in HttpSplitting.java 
- Added CSRF.html and CSRF.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@26 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-10-23 01:15:03 +00:00
esheri3
b6256a17f1 Fixed 'Restart Lesson' bug in SoapRequest.java. Successful completion of a lesson resets the function invocation counters. Added HttpOnly lesson with improved browser identification support. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@25 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-10-09 14:28:09 +00:00
sherif.fathy
6916632841 - Added some documentations. 
- Changed some variable names for clarification

git-svn-id: http://webgoat.googlecode.com/svn/trunk@24 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-10-09 00:49:53 +00:00
sherif.fathy
6cc8bed0c7 - Added HTTP lesson together with its lesson plan and goals. 
- Files added:
   HttpSplitting.html
   HttpSplitting.java
   redirect.jsp
- Files Changed:
   webgoat-class.properties
   webgoat-lmc.properties

git-svn-id: http://webgoat.googlecode.com/svn/trunk@23 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-10-08 23:46:34 +00:00