dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
394 Commits 11 Branches 78 Tags
b22a537130f1547a6e5f8e47d9e9388ce5d0c21e
Commit Graph

394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
white.tiger.russia@gmail.com
b22a537130 Create directories ru/en/de and copy there plans of lessons. In ru-directory i put english files for translate them in future. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@421 4033779f-a91e-0410-96ef-6bf7bf53c507
 2011-05-22 11:22:28 +00:00
mayhew64@gmail.com
77a6dd70a1 Changed google checkout text 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@420 4033779f-a91e-0410-96ef-6bf7bf53c507
 2010-11-17 18:03:06 +00:00
mariethuynh
2a9bdf625f typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@419 4033779f-a91e-0410-96ef-6bf7bf53c507
 2010-03-28 02:08:12 +00:00
mariethuynh
5be9bb865d fixed URL, typos 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@418 4033779f-a91e-0410-96ef-6bf7bf53c507
 2010-03-23 00:31:43 +00:00
mayhew64@gmail.com
3064bfe3db Added a step to add the lesson plan for new lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@417 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 19:42:29 +00:00
mayhew64@gmail.com
d5c884a891 Fixed new lesson instructions location to match new file structure 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@416 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 18:45:30 +00:00
mayhew64@gmail.com
5ec55cbe2c More readme tweaks, fixed the delete command in the SQL Server startup 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@413 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 04:04:25 +00:00
mayhew64@gmail.com
4f37069f0c Slight mods to add unzip and click to run instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@412 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 03:58:29 +00:00
mayhew64@gmail.com
442e8a6cce Minor changes to missing internationalization text and startup scripts. Removed internationalization choices for lessons that don't support it 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@411 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 03:34:14 +00:00
mayhew64@gmail.com
5db533f9ee Fixed some broken formatting on screen layout, added the Malicious code to the hidden lessons until real lessons can be built 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@410 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 03:58:08 +00:00
mayhew64@gmail.com
12a4e91285 General cleanup of lesson, removed sub credit from csrf lesson, add cam credit as lesson contributor 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@409 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 01:49:41 +00:00
mayhew64@gmail.com
c3a50177b0 Added some detail to the readme and moved some docs that are no longer relevant to the attic. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@408 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 01:07:55 +00:00
ch.ko123
b68b671a3d added configuration for starting Tomcat from Maven 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@407 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-08 16:43:00 +00:00
ch.ko123
86df73d16d moved scripts to main/scrips and remaining stuff to doc 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@406 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 21:03:36 +00:00
ch.ko123
dcc7476e27 removed jars, as dependencies are now pulled from the maven repo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@405 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 20:30:23 +00:00
ch.ko123
11845f60de make webgoat run on tomcat 5.5 again 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@404 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 20:00:55 +00:00
ch.ko123
35ecb109cf added paragraph about tomcat to README.txt 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@403 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-02 22:40:20 +00:00
ch.ko123
792d66e189 added wtp configuration to pom 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@402 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-02 22:20:12 +00:00
ch.ko123
751e4c404a moved doco 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@401 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 21:12:40 +00:00
ch.ko123
692461b7a6 moved doc folder 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@400 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 20:06:23 +00:00
ch.ko123
03768fa4f7 updated readme 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@399 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 19:44:33 +00:00
ch.ko123
7a19763a09 removed xml-apis from pon 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@398 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 18:45:25 +00:00
ch.ko123
123a2d764f README.txt for Maven build added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@397 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 16:01:47 +00:00
ch.ko123
87f09e5c92 moved property files to src/main/resources 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@396 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 15:08:35 +00:00
ch.ko123
16ad95bc8e added resources dir, removed catalina.jar which is only a build dependency 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@395 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 12:51:57 +00:00
ch.ko123
e5730814c8 renamed main->src regarding to Maven conventions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@394 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:54:43 +00:00
ch.ko123
95643f4b2b renamed project->main regarding to Maven conventions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@393 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:16:30 +00:00
ch.ko123
791341000c renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@392 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:04:59 +00:00
ch.ko123
bb15524a7a restored setAdmin method removed in r389 to make the trunk compile again 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@391 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 10:39:29 +00:00
chuck@securityfoundry.com
e15957ad68 Added 3 new lessons. Some strings are in the properties files, but not all. Modified CreateDB.java in order to create a new salaries table used by the new SQL injection lessons. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@390 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-30 04:53:19 +00:00
mjawurek
fc08681d89 A first attempt at internationalization of WebGoat. For complete internationalization WebGoat needs two things: 
1. Every text passage/label that appears in lessons must independent of the current language set for WebGoat.
2. Every lesson plan and solutions must be translated for each supported language.
Number 1 is achieved by using webgoat/util/WebgoatI18N.java and by having every output routed through this piece of code. You no longer say hints.add("Lesson Hint 1"); or ....addElement("Shopping Cart")) but you in the lesson you say hints.add(WebGoatI18N.get("Lesson Hint1")) or ....addElement(WebGoatI18N.get("Shopping Cart"). Then WebGoatI18N looks up the corresponding string for the language set as the current lanuage and returns it.
Number 2 is achieved by having subdirectories in lesson_plans corresponding to every language. That means, a lesson that has been translated to Spanish and German will be found in lesson_plans/English and lesson_plans/Spanish and lesson_plans/German.

This is how WebGoat finds out about available languages: in Course.java in loadResources() it looks for lesson plans.
Unlike before, now a lesson plan can be found multiple times in different "language" directories. So for every directory the lesson plan is found in, WebGoat associates this language with the lesson and also lets WebGoatI18N load the appropriate WebGoatLabels_$LANGAUGE$.properties file which contains the translations of labels.
So this is what you have to do for a new language:
First of all, you have to copy and translate every lesson plan that you need in the new language, and then you also have to create a WebGoatLabels_$LANGUAGE$.properties file with that labels that will be used in these lessons. Atm WebGoat crashes throws an exception when a label is missing but this can be sorted out quickly. 

git-svn-id: http://webgoat.googlecode.com/svn/trunk@389 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-26 15:58:15 +00:00
mayhew64@gmail.com
826b9e73bc Malcode samples - need to turn into lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@388 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-26 11:24:12 +00:00
cam.morris
d971d2f734 Including one small documentation change: giving credit to Sherif Koussa's original CSRF lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@387 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:29:42 +00:00
cam.morris
85c6843ee4 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
72936c72b9 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
chuck@securityfoundry.com
cef196e172 Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix build some build errors. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@384 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 03:56:46 +00:00
ch.ko123
c00b8b2dfe initial version of pom.xml 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@383 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-12 21:06:55 +00:00
ch.ko123
271d746153 infos to dependencies 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@382 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 15:19:25 +00:00
ch.ko123
34270c8931 replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@381 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 13:47:42 +00:00
ch.ko123
24acd5081d replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@380 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 11:07:01 +00:00
ch.ko123
c719c47128 replaced axis jars with versions from maven repo; removed catalina.jar no longer needed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@379 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-10 23:39:11 +00:00
ch.ko123
87ce172faa fixed typo (Issue 29) - test commit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@378 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-07 21:15:11 +00:00
mayhew64@gmail.com
f5200a8fd0 5.3 Logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@377 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-04 13:06:48 +00:00
mayhew64
0032ffdbfc Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@376 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 18:16:51 +00:00
mayhew64
cafcea2ae9 Changed the class build. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@375 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:56:48 +00:00
mayhew64
88a730f225 Removed errors introduced in previous checkin. String and integer conflicts in JSP 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@374 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:55:27 +00:00
soylentmean
97571dbe90 Lots of wording changes and HTML fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@373 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 21:06:42 +00:00
soylentmean
5506f1c279 Fixing wording a smidge. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@372 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 20:19:22 +00:00
mayhew64
9331ef0d9a Changes by Chris Roe to fix lesson issues with FireFox. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@371 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-17 13:06:29 +00:00
soylentmean
6d1158c40c fixed a typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@370 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 21:15:20 +00:00