82ef171a50
XSS Lesson Modifications ( #367 )
...
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00
3ec5b8708e
clean up of unneeded stuff in pom
2017-06-23 14:46:40 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
edceba73fe
- Added testcases for bypassing frontend validation.
...
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00
bf210de013
Added testcase for SQL lesson 6b
2017-06-16 00:33:02 +02:00
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
f1fd214580
Added more testcases for the SQL lesson 12
2017-06-15 23:49:03 +02:00
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00
36ad73c800
Added more mitigations for XXE
2017-06-15 23:36:51 +02:00
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
ee912f734b
Added SQL injection from challenge to lesson and added content for a blind sql injection
2017-06-15 19:08:19 +02:00
0740c4ba95
Split large SQL lesson
2017-06-15 19:08:19 +02:00
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
09d8fef50e
Merge branch 'develop' of github.com:WebGoat/WebGoat into develop
2017-06-12 20:02:30 +02:00
870fa000aa
bypass front-end restrictions (javascript validation)
2017-06-13 10:09:39 +02:00
01421ca822
html restrictions lesson
2017-06-13 10:09:39 +02:00
007cdaa0d8
insecure login lesson
2017-06-13 10:09:39 +02:00
99f75a835c
#359 Fixed
2017-06-12 20:02:21 +02:00
52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
...
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00
19a4859e4f
Fix hint not being display correctly due to missing escaping
2017-06-12 13:03:14 +02:00
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
0ad1f0d147
Fixing Travis issues while building
2017-05-21 13:28:29 +02:00
edea515564
Test failed due to hardcoded path
2017-05-21 12:46:10 +02:00
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
6f0f71b131
Changed XXE lessons to use photo comment example
2017-05-04 06:25:11 +02:00
4a061f61a6
Integrated XXE assigment from CTF to XXE lesson
2017-05-04 02:25:56 +02:00
d25f71532b
Moved challenge 4 to challenge 6 and introduced new sql injection challenge 5
2017-05-03 17:30:49 +02:00
e656d30b7e
hint updates
2017-05-11 10:44:26 +01:00
9cd5f101d4
challenge 1 hint update
2017-05-11 09:05:01 +01:00
ff89daf987
Moved challenge 4 to challenge 6 and introduced new sql injection challenge 5
2017-05-03 14:34:15 +02:00
4baceeb98b
challenge 1 hint update
2017-05-11 08:57:16 +01:00
5508a08e20
small UI improvement
2017-05-03 03:33:49 +02:00
97e84ae872
Adding assignment class for challenge 5
2017-05-03 03:30:06 +02:00
6909d13ecb
Fixed challenge 1
2017-05-03 03:16:07 +02:00
4f561fc377
Added testcases for challenge 2 and 5
2017-05-03 02:47:17 +02:00
efe5ca4b4d
http-proxies update for AppSecEU challenge
2017-05-09 15:07:56 +01:00
f6d7016b96
typo fix
2017-05-09 15:07:56 +01:00
6184a05c15
Fix challenge 1 testcase
2017-05-02 23:37:37 +02:00
945976868b
Added testcases
2017-05-02 23:28:48 +02:00
262d82f80b
Finishing challenge 5
2017-05-02 19:05:40 +02:00
3cb089d675
Layout improvements
2017-05-02 15:01:10 +02:00
1edf091c4e
Improvements for challenge 3
2017-05-02 14:26:50 +02:00
344b1f9beb
Extended challenge 1 with checking ip address client
2017-05-02 09:13:41 +02:00
615ca5afe3
Posting a flag shows a response in the UI (correct or incorrect)
2017-05-02 03:25:31 +02:00
eb7a6bd2be
Creating endpoint for the scoreboard
2017-05-02 02:29:47 +02:00
39f1597f82
Challenge 5: loading votes from endpoint
2017-04-30 20:53:43 +02:00
9964fac0f1
Challenge 5: changing username working
2017-04-30 20:53:42 +02:00
262fbbcf52
First setup for challenge 5
2017-04-30 20:53:42 +02:00
7054c44c40
Fixed sorting issue with lessons, in particular the challenges need to be ordered so the intro is displayed first
2017-04-16 05:57:40 +02:00
3ccfcac8ff
Challenge 4 done
2017-04-16 05:14:47 +02:00
