dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
200 Commits 11 Branches 78 Tags
add34a24dc448c2cbebb80cc5f717f576f8b56a2
Commit Graph

91 Commits

Author SHA1 Message Date
rogan.dawes
fb76b4916f Unify web.xml files. Also update the webgoat contact email address 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@202 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:42 +00:00
rogan.dawes
f9b5f8eddf Show completion of individual lesson stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@201 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:31 +00:00
rogan.dawes
002dbbf53c Point the windows config file to use the HSQLDB database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@198 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:11 +00:00
rogan.dawes
c1ddbd078f Correctly specify an in-memory database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@195 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:31 +00:00
rogan.dawes
7af27f7d1b Make per-user in-memory databases actually work 
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:53 +00:00
rogan.dawes
d04371884b Allow WebGoat to create per-user databases 
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:14 +00:00
rogan.dawes
e41a5ca395 Removed unused code that was generating warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@187 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:31 +00:00
rogan.dawes
d709ff9506 Fix warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@185 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:42 +00:00
rogan.dawes
9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:11 +00:00
rogan.dawes
e27aaccb45 Make multi-stage lessons show the individual stages in the menu 
While we are about it, make AbstractLesson.getLink() include
the category (i.e. menu), so that the menu selection script
will still work.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@183 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:53 +00:00
rogan.dawes
84f3b5033d Minor changes to the challenge screen 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@181 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:15 +00:00
rogan.dawes
47a7619652 Fixes: Make sure procedures are created in the right scope/user 
Also, create the EMPLOYEE table first, since Oracle checks for it


git-svn-id: http://webgoat.googlecode.com/svn/trunk@176 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:41 +00:00
rogan.dawes
afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@175 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:33 +00:00
rogan.dawes
7bb2c087a0 Add lesson plans for the DB labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@174 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:26 +00:00
rogan.dawes
d1fe861a75 Add a DB Cross Site Scripting lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@173 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:13 +00:00
rogan.dawes
73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@172 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:32 +00:00
rogan.dawes
bc2faede19 Add a new DBSQLInjection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@171 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:23 +00:00
rogan.dawes
17fe003f2f Add stored procedures for the SQL Injection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@170 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:33 +00:00
rogan.dawes
1bcb2f6539 Add an SQL file to set up the Oracle DB and WebGoat user 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@169 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:23 +00:00
rogan.dawes
26ed31df68 Only show the stage controls if the lesson is not complete 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@167 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:59 +00:00
rogan.dawes
cb794dcb50 Calculate the stage changes correctly 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@161 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:23 +00:00
rogan.dawes
851974d7ce Remove strange stage transition code. 
It may be necessary, but I can't figure out what it is supposed to be doing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@160 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:07 +00:00
rogan.dawes
2bda4a81f3 Migrate the labs to direct/Random access stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:29 +00:00
rogan.dawes
f5e56c7081 Extract the stage-related code from LessonTracker into SequentialLessonTracker 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:50:32 +00:00
rogan.dawes
a1d52a73e0 Introduce the GoatHillsFinancial "lesson" 
This "lesson" is to be used as a base for the rest of the
LAB lessons. This should help to reduce the amount of
duplication across the lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@150 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:56:00 +00:00
rogan.dawes
3c2e63636c Provide a user-accessible mechanism for skipping stages 
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml


git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:12 +00:00
esheri3
20484796f9 EditProfile.jsp was missing a closing div tag. Removed some unused imports in LessonSource.java 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@124 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-04-05 15:33:51 +00:00
mayhew64
25f47916cc Rename CookieCatcher to Catcher 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@121 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-20 19:05:46 +00:00
mayhew64
e2e98574b5 Detailed new lesson instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-19 19:07:00 +00:00
mayhew64
34fca43216 New Phishing Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@119 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-19 17:47:37 +00:00
mayhew64
a2abbfaf1e Changed tag case. removed unused import 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@116 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-25 18:39:38 +00:00
mayhew64
d8680dcfc3 Removed credit from New Lesson. Removed extra "." from start page 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@115 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-22 01:09:43 +00:00
mayhew64
81582162d3 Modified intro text to be consistent in size with new logos. Modified credits in BlindSqlInjection.java. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@114 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-06 15:32:12 +00:00
mayhew64
5408328434 git-svn-id: http://webgoat.googlecode.com/svn/trunk@113 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-02-05 23:04:24 +00:00
esheri3
6dc383b7b4 Modified all "Aspect" lessons to include the Aspect logo. The logo links to http://aspectsecurity.com. Moved the "OWASP" logo and added an Aspect logo on the main.jsp page. Adjusted the padding of the "warning" text to prevent "Start" button overlap. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@112 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-02 17:56:23 +00:00
mayhew64
e748aa0e90 Changed mac_Logo.gif to macadamian.gif. Added forced browsing servlet to the appropriate web.xml files. Enhanced readme files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@109 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-31 15:44:38 +00:00
mayhew64
ca46354077 Minor Cleanup of imports and user guide url 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@105 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-30 23:36:21 +00:00
mayhew64
0ab3ad8293 git-svn-id: http://webgoat.googlecode.com/svn/trunk@104 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-01-30 16:24:15 +00:00
esheri3
82371bf0d9 Changed title (back?) to "Tracing". 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@102 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:43:43 +00:00
esheri3
f5dfc0698d change all instances of "trace" to "tracing" 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@99 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:06:42 +00:00
esheri3
f86af29210 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@97 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 20:35:06 +00:00
esheri3
e0479efb65 Minor grammar fix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@91 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 19:42:25 +00:00
esheri3
94ee4db701 Minor grammar fix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@90 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 19:39:33 +00:00
esheri3
3579be2519 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@87 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 19:34:46 +00:00
esheri3
62ab99b291 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@86 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 19:32:24 +00:00
sherif.fathy
9db0e6eeb3 Modified the logo again 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@84 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 02:08:28 +00:00
sherif.fathy
38e9a8967b Added the AoC logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@80 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-24 05:10:43 +00:00
sherif.fathy
5188039079 fixed a bug with the forced browsing lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@79 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-24 04:25:08 +00:00
esheri3
19a0566c47 Removed DaveW from the "Design Team". 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@76 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-23 18:20:12 +00:00
esheri3
d474b0aac6 Grammatical correctness. Updating (Aspect) wording. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@74 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-23 15:33:39 +00:00