Nanne Baars
39740e069e
New release
2020-05-22 14:10:31 +02:00
Nanne Baars
9b72610510
Extend XXE lesson with more content and add solution description
...
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
René Zubcevic
f520c3589c
flag submission fixed ( #812 )
2020-05-07 11:04:00 +02:00
René Zubcevic
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests ( #808 )
2020-05-07 08:28:45 +02:00
René Zubcevic
9dea696c4c
added int test for IDOR and fixed green button issue ( #801 )
2020-04-29 12:12:11 +02:00
René Zubcevic
2398949396
added ace js for java
2020-04-28 09:33:54 +02:00
Nanne Baars
54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
René Zubcevic
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
Nanne Baars
4f649234a9
Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult> as return type. If no such method is found an exception is thrown
2020-04-19 15:42:50 +02:00
René Zubcevic
089952e9ad
quiz fix for CIA, SQL Injection Advanced and XSS + XSS description
...
change in alert(document.cookie)
2020-04-17 15:33:26 +02:00
René Zubcevic
b8abc99faf
fix for scoreboard after js refactoring
2020-04-08 12:05:01 +02:00
René Zubcevic
e921fb66a9
actual working version of vulnerable components part 5
2020-04-08 12:05:01 +02:00
René Zubcevic
e25f7a7560
clean up and update js
2020-04-08 12:05:01 +02:00
René Zubcevic
c4153ecbfb
Maven owasp dep update ( #776 )
...
* add pmd and owasp dependency check through -P owasp profile
* suppress full stack trace in log
* revert to spring 2.2.0 as 2.2.4 failed in travis
* added owasp dependency check maven configuration details to vulnerable
lesson page 7
2020-04-06 16:01:09 +02:00
Nanne Baars
3ece45b3d4
Fix for not passing the content-type
2020-03-10 08:03:48 +01:00
Nanne Baars
6b7678fb1d
Remove old files
2020-03-10 08:03:48 +01:00
Nanne Baars
6c25cf8e43
Add path traversal lesson
2020-03-10 08:03:48 +01:00
René Zubcevic
a8118a14cd
add support for status 403 feedback from e.g. ModSecurity/CRS
2020-02-28 23:06:42 +01:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests ( #752 )
...
* suppressing some useless log messages and banners in unit tests
* some more log suppressed
2020-01-25 12:11:45 +01:00
Nanne Baars
edd6b7d7cf
Reset lesson bug ( #741 )
...
* Remove old code from UI
* Remove old code
* Remove old functions
* Remove unnecessary divs
* Remove logging to console
* Clear lesson messages (checkmark, output text etc) when lesson resets
2020-01-05 20:22:50 +01:00
Nanne Baars
0d7daf60d9
Fix broken e-mail link ( #738 )
2020-01-05 15:05:51 +01:00
René Zubcevic
59076fc9ef
adjusted WebWolfMacro
2019-12-23 17:08:33 +01:00
René Zubcevic
b5e5dd1d13
Crypto lesson ( #712 )
...
* crypto lesson added
* signing assignment
* integration test added for signing assignment
* added more hints
* corrections after rebase
* added some explanation
* added security defaults assignment
2019-11-23 21:52:14 +01:00
Nanne Baars
9c0b7f8233
Fix version substitution so WebGoat home directory contains version number instead of @project.version@ in the name ( #710 )
2019-11-17 14:33:24 +01:00
Nanne Baars
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
Nanne Baars
f40b6ffd31
Moving back to snapshot
2019-11-13 12:27:26 +01:00
Nanne Baars
fe2ac1b8d4
New release, updating pom.xml
2019-11-12 09:22:45 +01:00
Nanne Baars
f7b794bf68
Race condition in counting number of attempts #567 ( #697 )
...
Add version to Hibernate mapping so we get optimistic locking; this solves
a number of parallel calls trying to update/guess and mess with the lesson
counter
2019-11-03 18:14:15 +01:00
Nanne Baars
1a83e2825e
Code style ( #696 )
...
* Remove Guava dependency from WebGoat
* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
Nanne Baars
710adfae20
Upgrade to latest Spring Boot version
2019-10-30 08:28:14 +01:00
Nanne Baars
9b87fd602c
Explicitly set session persistence to false (result in non serializable exception)
2019-10-30 08:28:14 +01:00
Nanne Baars
689e3de7a4
Final changes for splitting SQL WebGoat and lessons
2019-10-30 08:28:14 +01:00
Nanne Baars
25dae3a4a8
Fix merge request
2019-10-30 08:28:14 +01:00
Nanne Baars
2a6b3d189e
Disable csrf through property no longer works and we already have it in WebSecurityConfig. Thymeleaf templates caching is set on the resolvers themselves
2019-10-30 08:28:14 +01:00
Rene Zubcevic
1f00d461a8
cleaned logs and changed username length for csrf-uuid
2019-10-15 13:59:18 +02:00
Rene Zubcevic
8d7142e6d3
upgrade ascii doc with support for link in new tab
2019-10-15 13:55:34 +02:00
René Zubcevic
e0ac4a1083
lessons in correct order and scoreboard visible again ( #680 )
2019-10-10 09:45:43 +02:00
René Zubcevic
663224d06a
xxe path info ( #670 )
...
* xxe path info aid added
* xxe path info aid added
* changes to template file and hints
* added ssl test support for XXE
* added ssl test support for XXE
* restconfig replaced by httpsrelaxed
* processed review comments on hints and example
2019-10-02 09:59:32 +02:00
René Zubcevic
0319c477b1
XSS lesson completion fixes ( #669 )
...
* XSS lesson completion fixes
* removed log all
* lesson progress capable of deprecated assignments in the database
* fixed unit test for lesson progress
2019-09-29 14:46:18 +02:00
Nanne Baars
d080b3ef06
Review comment
2019-09-24 07:36:49 +02:00
Nanne Baars
35c1305ce9
Merge conflicts resolved
2019-09-23 07:34:27 +02:00
Nanne Baars
261f947777
Fix
2019-09-20 17:45:33 +02:00
Nanne Baars
c8ef848657
Fix
2019-09-20 17:36:15 +02:00
Nanne Baars
6fe5831f11
Fix?
2019-09-20 16:46:26 +02:00
Nanne Baars
cf00454f8b
Testing issue
2019-09-20 08:30:07 +02:00
Nanne Baars
e8d086ac9b
All successful
2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7
Finally working
2019-09-18 17:53:43 +02:00
René Zubcevic
4777dab57a
review comments processed
2019-09-18 17:46:32 +02:00
Rene Zubcevic
ec236a4ff5
First steps in XXE integration tests
2019-09-18 14:48:34 +02:00
Nanne Baars
f774364461
Working unit tests
2019-09-13 20:05:25 +02:00