1731 Commits

Author SHA1 Message Date
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
06bf690a3a Merge remote-tracking branch 'upstream/develop' into develop 2017-08-02 19:12:29 -04:00
Jason White
10e5edbc36 temp. removal of offending UT 2017-08-02 19:06:55 -04:00
Nanne Baars
49621c637f Upgraded to latest in-memory MongoDB (due to download link no longer working) 2017-07-26 05:07:15 +02:00
Nanne Baars
0b92a57f77 WebGoat no longer runs as root in the Docker container. 2017-07-26 05:06:40 +02:00
Nanne Baars
b06fb72a74 Fixed typo 2017-07-25 17:41:37 +02:00
Jason White
f1a104f0ab merging missing function-level-ac lesson 2017-07-25 09:44:10 -04:00
Jason White
8186bd4766 css and xss updates 2017-07-24 18:05:57 -04:00
Jason White
c44186f986 start of missing function ac lesson 2017-07-24 16:26:23 -04:00
Jason White
ca4b0c06b5 lesson css file 2017-07-24 11:34:10 -04:00
misfir3
c87f75ed18 Merge pull request #375 from misfir3/develop
Minor Updates to Categories and IDOR hints
2017-07-19 16:45:38 -04:00
Jason White
fc05a68ef7 update to IDOR hints 2017-07-19 16:00:10 -04:00
Jason White
dce962bdeb Updating Category ordering, closer to T10 2017-07-19 15:54:50 -04:00
Paul Moreno
8a2499c56a Update to README.MD (#372)
Providing instructions on how to change listening IP address.
2017-07-19 09:55:10 -04:00
Jason White
9e1e4c1d2a Merge remote-tracking branch 'upstream/develop' into auth-bypass 2017-07-19 08:58:24 -04:00
Jason White
b57cfd06b1 Started testing. Having issues, but committing stubs and making ticket to return 2017-07-19 08:56:48 -04:00
Jason White
89bfc3f12d fixing image 2017-07-18 17:54:50 -04:00
Jason White
9b643728f8 verify account assignment hints 2017-07-18 17:48:57 -04:00
Jason White
0cb4faf15f refactor to support cleaner scoping && success and failure callbacks 2017-07-18 17:39:58 -04:00
Jason White
ce7c271bb5 initial cut on auth-bypass lesson 2017-07-18 15:59:46 -04:00
misfir3
cac1fb17e4 minor update to getting started file
Updating Base Class section/description
2017-07-12 16:59:13 -04:00
Jason White
bf06d645a1 Merge remote-tracking branch 'upstream/develop' into develop 2017-07-10 10:18:12 -04:00
misfir3
10481cb63d lesson overview updates (#369)
* Lesson Overview updates

* including restart lesson fix for lesson overview
2017-07-10 08:33:28 -04:00
misfir3
82ef171a50 XSS Lesson Modifications (#367)
* initial cut on XSS, need to add some tests still

* initial unit tests for assignment endpoints

* updating header comment license thingy

* comment, clean up

* Stubs for security unit test

* Additional Unit Testing

* isEncoded and isNotEncoded Unit Tests added

* http-proxies updates

* update for XXE solutions

* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR

* IDOR hints updated

* mitigation content update

* mitigation content update ... 2

* Lesson Overview updates

* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00
Jason White
fb65534355 Merging from 'injection-updates' into local develop branch 2017-07-03 15:22:02 -04:00
Jason White
2e4e4ea716 including restart lesson fix for lesson overview 2017-07-03 12:37:15 -04:00
Jason White
daaf361dd2 Lesson Overview updates 2017-07-03 12:14:01 -04:00
Jason White
921561cf32 mitigation content update ... 2 2017-06-27 11:33:39 -04:00
Jason White
ebb851b361 mitigation content update 2017-06-27 11:28:16 -04:00
Jason White
296723508b IDOR hints updated 2017-06-27 10:26:22 -04:00
Jason White
89e2fc109c Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR 2017-06-27 10:24:38 -04:00
Jason White
dd18e68660 merge of upstream, conflict resolution 2017-06-27 08:30:58 -04:00
Jason White
3a9bb946ed update for XXE solutions 2017-06-27 08:27:06 -04:00
Jason White
3ec5b8708e clean up of unneeded stuff in pom 2017-06-23 14:46:40 -04:00
Jason White
ccb4e3813b #353 - lesson template/guide 2017-06-23 14:46:09 -04:00
Nanne Baars
b304dbb552 Changed to develop for coverage 2017-06-20 09:44:12 +02:00
Nanne Baars
edceba73fe - Added testcases for bypassing frontend validation.
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00
Nanne Baars
bf210de013 Added testcase for SQL lesson 6b 2017-06-16 00:33:02 +02:00
Nanne Baars
e808abd504 Added testcase for SQL lesson 6a 2017-06-16 00:23:40 +02:00
Nanne Baars
f1fd214580 Added more testcases for the SQL lesson 12 2017-06-15 23:49:03 +02:00
Nanne Baars
7809057208 Enabled the challenges again to make them visible for everybody who starts WebGoat 2017-06-15 23:38:04 +02:00
Nanne Baars
36ad73c800 Added more mitigations for XXE 2017-06-15 23:36:51 +02:00
Nanne Baars
e9ad20cb30 Make sure we clean all the files below the .webgoat dir 2017-06-15 19:08:19 +02:00
Nanne Baars
a484467419 Adding extra lesson for order by clauses 2017-06-15 19:08:19 +02:00
Nanne Baars
ee912f734b Added SQL injection from challenge to lesson and added content for a blind sql injection 2017-06-15 19:08:19 +02:00
Nanne Baars
0740c4ba95 Split large SQL lesson 2017-06-15 19:08:19 +02:00
Nanne Baars
b048988d2f Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
Nanne Baars
09d8fef50e Merge branch 'develop' of github.com:WebGoat/WebGoat into develop 2017-06-12 20:02:30 +02:00
Michal Smolík
870fa000aa bypass front-end restrictions (javascript validation) 2017-06-13 10:09:39 +02:00