misfir3 
							
						 
					 
					
						
						
							
						
						82ef171a50 
					 
					
						
						
							
							XSS Lesson Modifications (#367)
						
						
						
						
						* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview 
						
						
					 
					
						2017-07-10 08:33:10 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						921561cf32 
					 
					
						
						
							
							mitigation content update ... 2  
						
						
						
						
					 
					
						2017-06-27 11:33:39 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						ebb851b361 
					 
					
						
						
							
							mitigation content update  
						
						
						
						
					 
					
						2017-06-27 11:28:16 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						296723508b 
					 
					
						
						
							
							IDOR hints updated  
						
						
						
						
					 
					
						2017-06-27 10:26:22 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						dd18e68660 
					 
					
						
						
							
							merge of upstream, conflict resolution  
						
						
						
						
					 
					
						2017-06-27 08:30:58 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						3a9bb946ed 
					 
					
						
						
							
							update for XXE solutions  
						
						
						
						
					 
					
						2017-06-27 08:27:06 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						3ec5b8708e 
					 
					
						
						
							
							clean up of unneeded stuff in pom  
						
						
						
						
					 
					
						2017-06-23 14:46:40 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						ccb4e3813b 
					 
					
						
						
							
							#353  - lesson template/guide  
						
						
						
						
					 
					
						2017-06-23 14:46:09 -04:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						edceba73fe 
					 
					
						
						
							
							- Added testcases for bypassing frontend validation.  
						
						
						
						
						- Improved layout of the lesson
- Fixed JavaScript issues with 'let' 
						
						
					 
					
						2017-06-16 01:16:31 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						bf210de013 
					 
					
						
						
							
							Added testcase for SQL lesson 6b  
						
						
						
						
					 
					
						2017-06-16 00:33:02 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						e808abd504 
					 
					
						
						
							
							Added testcase for SQL lesson 6a  
						
						
						
						
					 
					
						2017-06-16 00:23:40 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						f1fd214580 
					 
					
						
						
							
							Added more testcases for the SQL lesson 12  
						
						
						
						
					 
					
						2017-06-15 23:49:03 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						7809057208 
					 
					
						
						
							
							Enabled the challenges again to make them visible for everybody who starts WebGoat  
						
						
						
						
					 
					
						2017-06-15 23:38:04 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						36ad73c800 
					 
					
						
						
							
							Added more mitigations for XXE  
						
						
						
						
					 
					
						2017-06-15 23:36:51 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						a484467419 
					 
					
						
						
							
							Adding extra lesson for order by clauses  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						ee912f734b 
					 
					
						
						
							
							Added SQL injection from challenge to lesson and added content for a blind sql injection  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						0740c4ba95 
					 
					
						
						
							
							Split large SQL lesson  
						
						
						
						
					 
					
						2017-06-15 19:08:19 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						b048988d2f 
					 
					
						
						
							
							Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.  
						
						
						
						
						Moved the lessons concerning client side validation to client side category 
						
						
					 
					
						2017-06-13 03:22:19 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						09d8fef50e 
					 
					
						
						
							
							Merge branch 'develop' of github.com:WebGoat/WebGoat into develop  
						
						
						
						
					 
					
						2017-06-12 20:02:30 +02:00 
						 
				 
			
				
					
						
							
							
								Michal Smolík 
							
						 
					 
					
						
						
							
						
						870fa000aa 
					 
					
						
						
							
							bypass front-end restrictions (javascript validation)  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00 
						 
				 
			
				
					
						
							
							
								Michal Smolík 
							
						 
					 
					
						
						
							
						
						01421ca822 
					 
					
						
						
							
							html restrictions lesson  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00 
						 
				 
			
				
					
						
							
							
								Michal Smolík 
							
						 
					 
					
						
						
							
						
						007cdaa0d8 
					 
					
						
						
							
							insecure login lesson  
						
						
						
						
					 
					
						2017-06-13 10:09:39 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						99f75a835c 
					 
					
						
						
							
							#359  Fixed  
						
						
						
						
					 
					
						2017-06-12 20:02:21 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						52a48df70c 
					 
					
						
						
							
							XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.  
						
						
						
						
						Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again. 
						
						
					 
					
						2017-06-12 15:08:55 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						19a4859e4f 
					 
					
						
						
							
							Fix hint not being displayed correctly due to missing escaping
						
						
						
						
					 
					
						2017-06-12 13:03:14 +02:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						06a3f5d189 
					 
					
						
						
							
							http-proxies updates  
						
						
						
						
					 
					
						2017-06-09 15:33:21 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						2305d355c7 
					 
					
						
						
							
							isEncoded and isNotEncoded Unit Tests added  
						
						
						
						
					 
					
						2017-05-25 19:36:02 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						31548b9c57 
					 
					
						
						
							
							Additional Unit Testing  
						
						
						
						
					 
					
						2017-05-24 17:12:28 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						e733131241 
					 
					
						
						
							
							Stubs for security unit test  
						
						
						
						
					 
					
						2017-05-24 13:12:36 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						a9e5dd645d 
					 
					
						
						
							
							comment, clean up  
						
						
						
						
					 
					
						2017-05-22 20:10:03 -04:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						129e9deba9 
					 
					
						
						
							
							Added testcase for SQL injection lesson  
						
						
						
						
					 
					
						2017-05-21 16:40:52 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						0ad1f0d147 
					 
					
						
						
							
							Fixing Travis issues while building  
						
						
						
						
					 
					
						2017-05-21 13:28:29 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						edea515564 
					 
					
						
						
							
							Test failed due to hardcoded path  
						
						
						
						
					 
					
						2017-05-21 12:46:10 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						877de6ebd4 
					 
					
						
						
							
							Updated XXE lessons with challenge screens  
						
						
						
						
					 
					
						2017-05-21 12:24:42 +02:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						a5b4aeaa76 
					 
					
						
						
							
							updating header comment license thingy  
						
						
						
						
					 
					
						2017-05-20 21:49:40 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						857f09df14 
					 
					
						
						
							
							initial unit tests for assignment endpoints  
						
						
						
						
					 
					
						2017-05-20 21:17:02 -04:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						feead6b740 
					 
					
						
						
							
							initial cut on XSS, need to add some tests still  
						
						
						
						
					 
					
						2017-05-18 14:41:14 -04:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						6f0f71b131 
					 
					
						
						
							
							Changed XXE lessons to use photo comment example  
						
						
						
						
					 
					
						2017-05-04 06:25:11 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						4a061f61a6 
					 
					
						
						
							
							Integrated XXE assignment from CTF to XXE lesson
						
						
						
						
					 
					
						2017-05-04 02:25:56 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						d25f71532b 
					 
					
						
						
							
							Moved challenge 4 to challenge 6 and introduced new sql injection challenge 5  
						
						
						
						
					 
					
						2017-05-03 17:30:49 +02:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						e656d30b7e 
					 
					
						
						
							
							hint updates  
						
						
						
						
					 
					
						2017-05-11 10:44:26 +01:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						9cd5f101d4 
					 
					
						
						
							
							challenge 1 hint update  
						
						
						
						
					 
					
						2017-05-11 09:05:01 +01:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						ff89daf987 
					 
					
						
						
							
							Moved challenge 4 to challenge 6 and introduced new sql injection challenge 5  
						
						
						
						
					 
					
						2017-05-03 14:34:15 +02:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						4baceeb98b 
					 
					
						
						
							
							challenge 1 hint update  
						
						
						
						
					 
					
						2017-05-11 08:57:16 +01:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						5508a08e20 
					 
					
						
						
							
							small UI improvement  
						
						
						
						
					 
					
						2017-05-03 03:33:49 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						97e84ae872 
					 
					
						
						
							
							Adding assignment class for challenge 5  
						
						
						
						
					 
					
						2017-05-03 03:30:06 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						6909d13ecb 
					 
					
						
						
							
							Fixed challenge 1  
						
						
						
						
					 
					
						2017-05-03 03:16:07 +02:00 
						 
				 
			
				
					
						
							
							
								Nanne Baars 
							
						 
					 
					
						
						
							
						
						4f561fc377 
					 
					
						
						
							
							Added testcases for challenge 2 and 5  
						
						
						
						
					 
					
						2017-05-03 02:47:17 +02:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						efe5ca4b4d 
					 
					
						
						
							
							http-proxies update for AppSecEU challenge  
						
						
						
						
					 
					
						2017-05-09 15:07:56 +01:00 
						 
				 
			
				
					
						
							
							
								Jason White 
							
						 
					 
					
						
						
							
						
						f6d7016b96 
					 
					
						
						
							
							typo fix  
						
						
						
						
					 
					
						2017-05-09 15:07:56 +01:00