|
|
fc2c99bcb4
|
Limit the username to letters and digits only
|
2018-05-29 16:16:52 +02:00 |
|
|
|
60ef35e241
|
Working lesson
|
2018-05-23 14:28:19 +02:00 |
|
|
|
9d7886d572
|
More JWT work
|
2018-05-23 14:28:19 +02:00 |
|
|
|
ea9c1a453d
|
Initial version for JWT
|
2018-05-23 14:28:19 +02:00 |
|
|
|
84860e65f6
|
Insecure Deserialization exercise
|
2018-05-23 13:58:03 +02:00 |
|
|
|
8050a2b56d
|
XXE lesson not showing correct link for WebWolf
|
2018-05-01 21:54:28 +02:00 |
|
|
|
e4ca0c4836
|
Make report working again
|
2018-04-27 19:26:01 +02:00 |
|
|
|
e422da4c64
|
Polling for lesson updates (updates the menu and page navigation)
|
2018-04-27 18:50:13 +02:00 |
|
|
|
245ba2c3d1
|
Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson.
|
2018-04-24 20:44:05 +02:00 |
|
|
|
672d78eebc
|
Resource bundle in UTF-8
|
2018-04-23 16:12:50 +02:00 |
|
|
|
b99b554522
|
Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432
|
2018-01-29 15:29:48 +01:00 |
|
|
|
ee11381a63
|
Fixed database issue mappings
|
2018-01-21 17:13:28 +01:00 |
|
|
|
2cc6c232e2
|
Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration
|
2018-01-15 20:56:59 +01:00 |
|
|
|
a6b9235711
|
SQL Error '-104' in XSS Lesson Page 7 #416
|
2018-01-10 12:48:45 +01:00 |
|
|
|
c6e86861fe
|
Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information.
|
2017-12-29 22:12:21 +01:00 |
|
|
|
dd7f4074cd
|
Added encoding for asciidoc
|
2017-12-28 00:16:16 +01:00 |
|
|
|
43b82027f5
|
Added more content for CSRF lesson
|
2017-11-22 01:34:05 +01:00 |
|
|
|
5eed385d5d
|
When an adoc file cannot be found the complete lesson crashed, made it failsafe with a logging statement.
|
2017-11-17 07:08:24 +01:00 |
|
|
|
fc1353b2f1
|
Pom cleanup
|
2017-11-02 16:14:44 +01:00 |
|
|
|
3ee1a1ca16
|
Travis now builds Docker and create a Github release.
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
|
2017-10-18 10:54:16 +02:00 |
|
|
|
d0ec84e9a6
|
Merge remote-tracking branch 'upstream/develop' into develop
|
2017-10-11 20:29:47 -06:00 |
|
|
|
b156d81535
|
Initial cut on CSRF. More to come
|
2017-10-11 20:06:57 -06:00 |
|
|
|
46c536554c
|
- Added new challenges
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
|
2017-09-12 23:12:10 +02:00 |
|
|
|
b41751a55c
|
missing function level ac working again ... after VM implosion
|
2017-08-08 17:15:20 -06:00 |
|
|
|
8df1d53471
|
interim missing function ac commit, traversing dev. env.
|
2017-08-08 09:28:09 -06:00 |
|
|
|
c44186f986
|
start of missing function ac lesson
|
2017-07-24 16:26:23 -04:00 |
|
|
|
dce962bdeb
|
Updating Category ordering, closer to T10
|
2017-07-19 15:54:50 -04:00 |
|
|
|
ccb4e3813b
|
#353 - lesson template/guide
|
2017-06-23 14:46:09 -04:00 |
|
|
|
e9ad20cb30
|
Make sure we clean all the files below the .webgoat dir
|
2017-06-15 19:08:19 +02:00 |
|
|
|
a484467419
|
Adding extra lesson for order by clauses
|
2017-06-15 19:08:19 +02:00 |
|
|
|
b048988d2f
|
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
Moved the lessons concerning client side validation to client side category
|
2017-06-13 03:22:19 +02:00 |
|
|
|
129e9deba9
|
Added testcase for SQL injection lesson
|
2017-05-21 16:40:52 +02:00 |
|
|
|
877de6ebd4
|
Updated XXE lessons with challenge screens
|
2017-05-21 12:24:42 +02:00 |
|
|
|
cae937c83e
|
Updated menu item for challenges
|
2017-05-03 11:51:24 +02:00 |
|
|
|
194a327ad5
|
Fixed issue when restarting the lesson the menu was not updated (the marker stayed behind)
Also restarting the lesson was not persisted
|
2017-05-03 05:08:00 +02:00 |
|
|
|
454e8d4c14
|
Solving an assignment twice adds its again which breaks the UI because the endpoint for lessonoverview returns mulitple values for the same assignment.
|
2017-05-02 04:38:30 +02:00 |
|
|
|
b0f66f16fb
|
initial plumb of scoreboard
|
2017-05-02 22:24:31 -04:00 |
|
|
|
615ca5afe3
|
Posting a flag shows a response in the UI (correct or incorrect)
|
2017-05-02 03:25:31 +02:00 |
|
|
|
a134b25213
|
Scoreboard now returns the flags captured (title)
|
2017-05-02 02:45:35 +02:00 |
|
|
|
eb7a6bd2be
|
Creating endpoint for the scoreboard
|
2017-05-02 02:29:47 +02:00 |
|
|
|
2f72ac4add
|
Merge branch 'develop' into challenge
|
2017-04-16 08:54:34 +02:00 |
|
|
|
a63bf006d6
|
Language of the browser not english will crash WebGoat during loading of the asciidoc. This is due to the fact we always presume the lesson plan is available in the browser language. It now falls back to 'en' whenever the lesson cannot be found with the language obtained from the browser.
|
2017-04-16 07:52:30 +02:00 |
|
|
|
d66db56c86
|
Added test for LessonMenuService.
|
2017-04-16 07:28:35 +02:00 |
|
|
|
7054c44c40
|
Fixed sorting issue with lessons, in particular the challenges need to be ordered so the intro is displayed first
|
2017-04-16 05:57:40 +02:00 |
|
|
|
3ccfcac8ff
|
Challenge 4 done
|
2017-04-16 05:14:47 +02:00 |
|
|
|
213e73bf02
|
Making database for each user (no sharing between each other)
|
2017-04-15 18:11:55 +02:00 |
|
|
|
6f633a0f78
|
Added the ability to remove all *.progress files when starting the server (for development). This is sometimes necessary when the internal structure of the lessons change but we still use old progress files.
|
2017-04-15 14:01:11 +02:00 |
|
|
|
eb13ebc26f
|
Assignments were not grouped per lesson in the same package
|
2017-04-15 13:59:57 +02:00 |
|
|
|
ec338326ea
|
Separating challenges
|
2017-04-15 11:37:43 +02:00 |
|
|
|
ebf2f9d864
|
wip
|
2017-04-15 11:37:43 +02:00 |
|
