dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,205 Commits 11 Branches 78 Tags
Commit Graph

2205 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nanne Baars
a56f41e0ea Merge branch 'pr/579' into develop 2019-09-10 13:55:43 +02:00
Nanne Baars
43c25dc3bb Modified PR to reflect coding style 2019-09-10 13:53:30 +02:00
René Zubcevic
6e9a52a05e
Merge pull request #647 from WebGoat/separate_project 
Nice work. I will add some tests for the missing parts in the SQL mitigations (in a separate pull request)
 2019-09-09 14:05:21 +02:00
Nanne Baars
f7c8a271aa Fixed small typos 2019-09-09 13:55:24 +02:00
Nanne Baars
7a4f6e6fd3 Merge branch 'JeffreyWagnerBHN-develop' into develop 2019-09-09 13:54:38 +02:00
ephemeralwaves
aec051a9f1 Fixed minor spelling mistake 2019-09-09 13:41:38 +02:00
Nanne Baars
bf52e7a992 Fixed checking of server already running 2019-09-09 11:37:26 +02:00
Nanne Baars
0982bd982c Review comments processed: 
- Ports can now be changed
- User is now a default user making it easier to login and look around after a failure
 2019-09-08 18:52:12 +02:00
Jeffrey Wagner
75a174ff7b Fixed description and grammer 2019-09-06 21:12:55 -04:00
Nanne Baars
2283f945a9 Fix failing configuration 2019-08-25 17:53:36 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00
Matthias Grundmann
139651615e Make lesson csrf-7 stricter (do not allow invalid JSON, e.g. trailing =) 2019-08-22 17:44:52 +02:00
René Zubcevic
924a53c22a fixed sql adv 5 progress and added prove in integration test 2019-08-22 17:44:34 +02:00
René Zubcevic
c93563da3f
Merge pull request #643 from TortugaAttack/multipleTracker45 
Fixed #642 - multiple tracker for one user fixed
 2019-08-22 15:07:59 +02:00
René Zubcevic
73553d91d3
Merge pull request #639 from jskiba99/patch-2 
Update CrossSiteScripting_content9.adoc
 2019-08-22 11:14:38 +02:00
TortugaAttack
f0d1555a09 Fixed #45 - multiple tracker for one user fixed 2019-08-21 23:38:27 +02:00
Nanne Baars
6d36e7db74 Added new endpoint for POST so it will give feedback to the UI. It now 
ended up in a HTTP/405 which does not give any feedback to the UI
 2019-08-17 13:52:59 +02:00
Nanne Baars
e01c2a35ce Add test case for security question assignment and the tracking is now 
done with a session scoped bean
 2019-08-06 19:04:07 +02:00
Jacob Skiba
7d9f24c86b
Update CrossSiteScripting_content9.adoc 
Fix broken resource link
 2019-08-06 05:26:05 -04:00
Nanne Baars
18eee4df58 Fix for issue with timestamp not being parsed when sending to WebWolf 
timestamp was already fixed at LocalDateTime.now() however WebGoat still
send the timestamp along, removed it
 2019-07-28 20:50:19 +02:00
Nanne Baars
e61c943f97 #601 bug: username is case sensitive, but email in general is not 
Opted for completing remove support for uppercase letters in username
this way we never come across issued with casing in WebGoat
 2019-07-28 20:48:20 +02:00
René Zubcevic
d2e23f6b8e reduce logging 2019-07-25 20:17:52 +02:00
René Zubcevic
ffbc808e26 Integration test support 2019-07-25 20:17:52 +02:00
René Zubcevic
ae674b9297
Merge pull request #620 from zubcevic/july2019-bugfixes 
increased sql form fields and fixed chrome progress
 2019-07-25 08:39:34 +02:00
Nanne Baars
33c73a7dca Adding new developer 2019-07-24 20:37:32 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
misfir3
ee0988effe
Merge pull request #627 from WebGoat/gh-jwhite-patch-1 
Delete do-not-merge.md
 2019-07-23 14:19:26 -06:00
gh-jwhite
67440a6cc8
Delete do-not-merge.md 
removing earlier test file
 2019-07-23 14:18:51 -06:00
gh-jwhite
6c8921a951
Merge pull request #625 from WebGoat/another-ci-fail-test 
Create do-not-merge.md
 2019-07-23 11:41:35 -06:00
gh-jwhite
b395be9bd0
Create do-not-merge.md 
testing a status check/branch protection thing
 2019-07-23 10:38:25 -06:00
Rene Zubcevic
7ad3996f2f fix 6a6b page 2019-07-22 15:36:31 +02:00
Rene Zubcevic
b65644edee progress fix for SqlInjectionMitigations 2019-07-22 12:16:18 +02:00
Rene Zubcevic
ea38973068 UTF-8 config added for ThymeLeaf 2019-07-22 08:21:34 +02:00
René Zubcevic
7d0a63ac95 small html changes to improve progress 2019-07-20 09:34:27 +02:00
René Zubcevic
f9e78739f3 reverted mandatory file encoding which will make it worse on windows 2019-07-20 09:13:21 +02:00
Rene Zubcevic
656fa40182 style sheet and advanced sql 2019-07-19 16:49:30 +02:00
Rene Zubcevic
99435a1073 increased sql form fields and fixed chrome progress 2019-07-19 12:16:06 +02:00
Johannes Egger
9471e53818 Fix image names for google chrome dev tools lesson 2019-07-14 12:40:05 +02:00
Johannes Egger
d814522223 Fix test for HTTP proxy lesson 2019-07-14 12:39:07 +02:00
Johannes Egger
2eaf263e81 Improve task description for HTTP proxy lesson 2019-07-14 12:39:07 +02:00
Rene Zubcevic
41f252970b corrected path in pom 2019-07-14 12:38:11 +02:00
Rene Zubcevic
63a1097466 owasp categories 2019-07-14 12:38:11 +02:00
Sylvain Juge
bc0d803123 add login&pwd in JDBC url for PostgreSQL 
I really don't know why exactly spring parameters are not used here,
probably for schema creation step. Until changing what the application does on startup
this will make it 'just work' without extra changes.
 2019-07-14 12:29:51 +02:00
Rene Zubcevic
12de48ebbb additional environment entries to support https on webgoat 2019-07-14 12:18:07 +02:00
misfir3
62fbd6d340
Merge pull request #610 from johannesegger/patch-1 
Fix typo in CIA lesson
 2019-07-12 17:21:46 -06:00
misfir3
e36b4c3910
Merge pull request #618 from matthias-g/csrf-3-post 
Do not allow trivial solution to CSRF-3
 2019-07-12 17:16:23 -06:00
Matthias Grundmann
97f66545e0
In CSRF-3 use POST instead of GET to prevent solving the assignment just by opening the URL in a new tab 2019-07-12 17:25:58 +02:00
Nanne Baars
27125acd22 Fix issue with maven wrapper using TLS 1.2 as it no longer is supported 2019-07-09 20:19:54 +02:00
Nanne Baars
1aa98be908 Fix issue with maven wrapper using TLS 1.2 as it no longer is supported 2019-07-09 20:18:54 +02:00
Sylvain Juge
cb667094f2 update jar plugin version 2019-07-09 19:11:52 +02:00