dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,366 Commits 11 Branches 78 Tags
Commit Graph

45 Commits

Author SHA1 Message Date
Nanne Baars
39740e069e New release 2020-05-22 14:10:31 +02:00
René Zubcevic
c4a046bd12
Ch1 less default (#814) 
* random pincode in challenge1

* unit test fix
 2020-05-12 08:49:48 +02:00
René Zubcevic
f520c3589c
flag submission fixed (#812) 2020-05-07 11:04:00 +02:00
René Zubcevic
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests (#808) 2020-05-07 08:28:45 +02:00
René Zubcevic
f4838e1233 add int test for acl 2020-05-01 09:15:29 +02:00
René Zubcevic
9dea696c4c
added int test for IDOR and fixed green button issue (#801) 2020-04-29 12:12:11 +02:00
René Zubcevic
58bc94d1f6 fix green buttons 2020-04-22 16:37:00 +02:00
Nanne Baars
0015394582 Fix typo 2020-04-19 15:42:50 +02:00
Nanne Baars
407e19638f Add two more assignments for SQL injection where only filtering is applied. 2020-04-19 15:42:50 +02:00
René Zubcevic
9509993a8f
all tests complete for Password Reset (#785) 2020-04-17 15:54:24 +02:00
René Zubcevic
e25f7a7560 clean up and update js 2020-04-08 12:05:01 +02:00
René Zubcevic
c4ae9ae2ab migrate to JUnit 5 code 2020-04-06 16:02:15 +02:00
Nanne Baars
14022d88c9 Last assignment now filters out .. and / so encoding plays a role now 2020-03-10 08:03:48 +01:00
Nanne Baars
b3840e60e3 Fix lessons 2020-03-10 08:03:48 +01:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
René Zubcevic
f79ad452d2 password reset support for using www.webwolf.local 2019-12-23 17:08:33 +01:00
René Zubcevic
59076fc9ef adjusted WebWolfMacro 2019-12-23 17:08:33 +01:00
René Zubcevic
b5e5dd1d13
Crypto lesson (#712) 
* crypto lesson added

* signing assignment

* integration test added for signing assignment

* added more hints

* corrections after rebase

* added some explanation

* added security defaults assignment
 2019-11-23 21:52:14 +01:00
Nanne Baars
f40b6ffd31 Moving back to snapshot 2019-11-13 12:27:26 +01:00
Nanne Baars
fe2ac1b8d4 New release, updating pom.xml 2019-11-12 09:22:45 +01:00
Nanne Baars
e07a2aff48 Fix mistake the SQL exception should be throws otherwise users cannot see the table name (servers) makes it impossible to 
solve the assignment. Add explicit test for this to guard against future mistakes
 2019-11-11 21:17:51 +01:00
Nanne Baars
f7b794bf68 Race condition in counting number of attempts #567 (#697) 
Add version to Hibernate mapping so we get optimistic locking this solves
number of parallel calls trying to update/guess and mess with the lesson
counter
 2019-11-03 18:14:15 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
Rene Zubcevic
1f00d461a8 cleaned logs and changed username length for csrf-uuid 2019-10-15 13:59:18 +02:00
Rene Zubcevic
6dc679e7b8 final tests and fixed the issue of getting the name of the loggedinuser 2019-10-15 13:59:18 +02:00
Rene Zubcevic
00873cfe3f csrf7 test cases added 2019-10-15 13:59:18 +02:00
Rene Zubcevic
e932253f06 initial test cases added 2019-10-15 13:59:18 +02:00
René Zubcevic
18d43f16d3
working version with fixed link and GET for tracing purposes (#677) 
* working version with fixed link and GET for tracing purposes

* added integration test

* filter on request log
 2019-10-09 09:58:35 +02:00
René Zubcevic
663224d06a
xxe path info (#670) 
* xxe path info aid added

* xxe path info aid added

*  changes to template file and hints

* added ssl test support for XXE

* added ssl test support for XXE

* restconfig replaced by httpsrelaxed

* processed review comments on hints and example
 2019-10-02 09:59:32 +02:00
René Zubcevic
7536770769
deserialization made solvable again (#673) 
* first objects and unit tests for making a fix for the lesson

* example added

* unit test for windows and linux

* added unit tests hints and feedbacks and updated lesson pages

* small typo correction
 2019-10-02 08:26:48 +02:00
René Zubcevic
0319c477b1
XSS lesson completion fixes (#669) 
* XSS lesson completion fixes

* removed log all

* lesson progress capable of deprecated assignments in the database

* fixed unit test for lesson progress
 2019-09-29 14:46:18 +02:00
Nanne Baars
dad9c75ee0 Fix tests after updating from develop, changes applied for migrating to Spring Boot 2 2019-09-23 17:35:04 +02:00
Nanne Baars
35c1305ce9 Merge conflicts resolved 2019-09-23 07:34:27 +02:00
Nanne Baars
f29b923eef FIx? 2019-09-20 17:10:58 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
René Zubcevic
4777dab57a review comments processed 2019-09-18 17:46:32 +02:00
Rene Zubcevic
a5cb5b0e8e removed log in checkresults 2019-09-18 16:16:44 +02:00
Rene Zubcevic
30d38f9b56 completed test 2019-09-18 16:10:52 +02:00
Rene Zubcevic
ec236a4ff5 First steps in XXE integration tests 2019-09-18 14:48:34 +02:00
Rene Zubcevic
57e6a84cef fixed and improved first two jwt challenges 2019-09-17 18:33:05 +02:00
René Zubcevic
fb2e11fe11 fix for complete progress of sql mitigations and integration test 2019-09-10 13:58:58 +02:00
Nanne Baars
bf52e7a992 Fixed checking of server already running 2019-09-09 11:37:26 +02:00
Nanne Baars
0982bd982c Review comments processed: 
- Ports can now be changed
- User is now a default user making it easier to login and look around after a failure
 2019-09-08 18:52:12 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00