511 Commits

Author SHA1 Message Date
Jason White
7f532f0ffc XSS lesson updates 2017-02-17 13:05:54 -05:00
mayhew64
0de569339c Cleanup of vulnerable components 2017-02-08 11:37:11 -05:00
mayhew64
27947cca96 Fixed the SQL Injection to return results upon success 2017-02-08 00:01:44 -05:00
mayhew64
33e807797c Xstream RCE works now 2017-02-07 23:51:05 -05:00
Nanne Baars
65d728dfff Solved issue with POST in vulnerable components lesson 2017-02-07 23:49:26 +01:00
Nanne Baars
8d3b028acc Solved issue with POST in vulnerable components lesson 2017-02-07 23:38:57 +01:00
mayhew64
a00546638a Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop 2017-02-07 16:06:45 -05:00
mayhew64
b4159385c1 Vulnerable components draft, fixed missing properties in httpbasics when user input was empty 2017-02-07 16:05:30 -05:00
Jason White
40844bd823 #319 updated content for proxy 2017-02-07 18:13:27 +01:00
mayhew64
85ef7ee1a4 Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop 2017-02-06 09:19:29 -05:00
Nanne Baars
d25700434e Added tests for assignments 2017-01-31 23:28:59 +01:00
Nanne Baars
ee5a12d205 Provide Server-side service to support UI localization #265 (#322)
merging
2017-01-31 11:52:33 -05:00
mayhew64
fbd37b39bd Merge branch 'develop' of https://github.com/WebGoat/WebGoat into develop 2017-01-28 11:05:16 -05:00
mayhew64
ef3779ec13 Draft Vuln components 2017-01-28 11:05:09 -05:00
mayhew64
a564ff2038 adding in Vulnerable Components lesson 2017-01-28 10:59:44 -05:00
Jason White
2b31a19143 #319 2017-01-27 15:39:31 -05:00
Jason White
264f7e74b6 Minor clean up in assignment endpoint 2017-01-25 14:56:20 -05:00
Jason White
f7ec164601 Adding request intercept assignment 2017-01-25 14:56:20 -05:00
Jason White
ac16342c17 #315 Adding UI handling and corresponding expected elements for html files for decoration. Includes minor refactor 2017-01-25 17:46:31 +01:00
Nanne Baars
0779f7a3d0 Hints per lesson (#314)
Squashing and merging ...

* Each assignment should have the options to have its own set of hints #278

* Updating lessons due to changes from #278

* Enable i18n client side #312

* IDOR move hints to assignment and enable i18n #312
2017-01-24 09:34:06 -05:00
Nanne Baars
6d727b98e3 Create IDOR lesson #304
- Fix put mapping
2017-01-18 20:50:37 +01:00
Jason White
4e9b30d7f6 #304 incremental addition for IDOR, still experiencing 400 with PUT method 2017-01-09 14:02:00 -05:00
Jason White
fe4f568fc0 #304 update to IDOR. Still experiencing 400 on EditOwnProfile endpoint 2017-01-06 13:04:03 -05:00
Jason White
0a41b2813d #304 ... trying to fix prev. commit 2017-01-06 08:06:49 -05:00
Jason White
65eaa934ea Initial/partial commit of IDOR lesson 2017-01-05 17:30:53 -05:00
Nanne Baars
9c03b6f63b #276 Automatic lesson summary page
- Basic overview of all the assignments needed to be solved in a lesson
 - Clicking on a link will jump to the correct page with the assignment
 - Lesson completed also updates lesson overview immediately
2016-12-28 10:14:34 +01:00
Jason White
282073ed2d Adding ZAP content for HTTP Basics 2016-12-22 16:37:57 -05:00
Mario Zupan
6fa894938b Issue #275: Activate Syntax Highlighting with Coderay in Asciidoc templates 2016-12-15 17:37:30 +01:00
Nanne Baars
b8b632905d Fixing failing unit test 2016-12-08 22:06:21 +01:00
Nanne Baars
1a854a500e Lesson overview 2016-11-29 20:27:54 +01:00
Jason White
e183c8d8b3 implementing support for dom xss 2016-11-23 17:25:47 -05:00
Nanne Baars
5347311319 XXE last assignment completely working 2016-11-23 17:09:35 +01:00
Nanne Baars
c80bfcbc2f First checkin for CSRF
(cherry picked from commit a01a767)
2016-11-23 17:09:35 +01:00
Jason White
4940a12d0d button size fix 2016-11-22 16:25:19 -05:00
mayhew64
32d1009390 Reflected xss working - still have to think how to get the success criteria. Page needs some work though 2016-11-21 23:09:58 -05:00
Bruce Mayhew
edaadecc38 Merge pull request #286 from WebGoat/feature/spring-boot
First draft at XSS
2016-11-21 18:37:53 -05:00
Jason White
2647722842 fixing typo 2016-11-21 13:50:21 -05:00
mayhew64
95607089d4 First draft at XSS 2016-11-21 13:39:43 -05:00
Nanne Baars
f2a114419a XXE checkin 2016-11-18 10:39:39 +01:00
Nanne Baars
38e5999472 XXE checkin 2016-11-17 17:36:17 +01:00
Nanne Baars
f698a2d6ae XXE first attempt 2016-11-17 16:27:41 +01:00
Nanne Baars
6d45bbc09c HTTP-Basics mark lesson complete issue fixed 2016-11-17 15:00:54 +01:00
Jason White
b5fd52e908 refactor to help accommodate multiple attacks and output in one 'page' 2016-11-17 08:06:06 -05:00
mayhew64
507a4cfbdb few cleanup items, added least privilege 2016-11-16 17:56:29 -05:00
mayhew64
f091e21c60 Fixed test for password 2016-11-16 16:18:22 -05:00
mayhew64
29447a11b4 First wave is complete; some rendering issues 2016-11-16 13:41:51 -05:00
mayhew64
24b2e79dc5 Trying to wire up the DB connection and fill out first sql stub 2016-11-15 22:40:24 -05:00
mayhew64
0285bf96a7 another stub 2016-11-15 19:39:23 -05:00
mayhew64
67adddbffc Merge branch 'feature/spring-boot' of https://github.com/WebGoat/WebGoat into feature/spring-boot 2016-11-15 19:38:26 -05:00
mayhew64
8b6ad92aea First round of sql injection with stubs 2016-11-15 19:37:11 -05:00