|
|
c0dd773b90
|
Merge branch 'develop' into alexanderfry-feature/ssrf
|
2019-02-09 18:20:43 +01:00 |
|
|
|
bd86dc6ee0
|
SNAPSHOT version
|
2019-02-09 18:20:08 +01:00 |
|
|
|
d6dae9ef75
|
Merge branch 'feature/ssrf' of git://github.com/alexanderfry/WebGoat into alexanderfry-feature/ssrf
|
2019-02-09 16:42:08 +01:00 |
|
|
|
941ca5e9a1
|
SQL injection add hints #470
|
2019-02-09 16:41:46 +01:00 |
|
|
|
6c86929aa6
|
New release, updating pom.xml
|
2019-02-08 14:20:23 +01:00 |
|
|
|
98f75e34d5
|
Initial Commit of SSRF Lesson
|
2019-01-21 18:09:31 -04:00 |
|
|
|
631fedb752
|
New release, updating pom.xml
|
2019-01-18 08:45:44 +01:00 |
|
|
|
7b8e3cdb52
|
Merge branch 'release/v8.0.0.M22'
|
2019-01-18 08:38:10 +01:00 |
|
|
|
9be4361afc
|
New release, updating pom.xml
|
2019-01-18 08:37:26 +01:00 |
|
|
|
b0e3a06b50
|
Password reset lesson 5 not working #512
Added comment to not use OWASP ZAP
|
2019-01-17 16:35:04 +01:00 |
|
|
|
9170dcb87f
|
Fix a grammatical error
|
2019-01-17 14:50:07 +01:00 |
|
|
|
ed490a5ecf
|
Fix for #545
Introduced new macro to make a clear distinction between /WebWolf with
context root and without.
|
2019-01-16 11:07:30 +01:00 |
|
|
|
ec225558b9
|
Move to latest Spring Boot version and move to Java 11
|
2018-12-15 13:59:54 +01:00 |
|
|
|
bf45a0a8e5
|
Fix for XXE docs
|
2018-12-14 12:43:19 +01:00 |
|
|
|
6699456ee1
|
Bug fix in sample code
|
2018-11-19 08:15:41 +01:00 |
|
|
|
1520c7571f
|
HTML Tampering Mitigation Description Typo
|
2018-11-19 08:13:17 +01:00 |
|
|
|
5921a06747
|
Fix SQL injection mitigation answer (fixes #505)
You need to submit the IP of the webgoat-prd server, not just any of the IPs.
|
2018-11-19 08:12:17 +01:00 |
|
|
|
a2f28460c0
|
Update password_reset.html
Without this attribute it is impossible to pass the lesson "password-reset" `Email functionality with WebWolf`.
|
2018-11-19 08:08:41 +01:00 |
|
|
|
f9a4061604
|
Fix typo
|
2018-09-12 09:54:44 +02:00 |
|
|
|
580e50f558
|
Same form post is used and with autocomplete this does not work because all fields will be posted. The endpoint could no long distinguish between the different actions (sending e-mail and checking password)
|
2018-08-10 13:15:40 +02:00 |
|
|
|
1252e3dc21
|
Update instructions to use docker-compose only
|
2018-07-17 20:17:35 +02:00 |
|
|
|
63a50df7a1
|
Add hint to lesson users no longer have guess the complete ip address
|
2018-07-06 18:22:29 +02:00 |
|
|
|
2233550fe1
|
Adding more solutions for SQL order by lesson
|
2018-06-22 14:12:37 +02:00 |
|
|
|
cb18295f9f
|
Update hint
|
2018-06-21 07:53:21 +02:00 |
|
|
|
651698d96c
|
Add different solution for XXE attack
|
2018-06-21 07:17:27 +02:00 |
|
|
|
ac12a009e4
|
New release v8.0.0.M20
|
2018-06-20 18:05:59 +02:00 |
|
|
|
9dd93d88d9
|
New release v8.0.0.M19
|
2018-06-20 16:40:28 +02:00 |
|
|
|
12123ef13b
|
Merge branch 'release/v8.0.0.M18'
|
2018-06-20 16:32:31 +02:00 |
|
|
|
c7da546249
|
Improve text for lesson about CSRF login
|
2018-06-16 17:52:18 +02:00 |
|
|
|
a41ff0083c
|
Merge pull request #479 from misfir3/develop
Recent updates, including Missing Function AC content & patch for Vuln Components Lesson
|
2018-06-13 18:44:09 -06:00 |
|
|
|
701a99cf8f
|
Merge pull request #487 from matthias-g/xssFixes
Small lesson improvements
|
2018-06-13 18:42:14 -06:00 |
|
|
|
844808bfa7
|
Merge pull request #485 from matthias-g/fixSQLInjection
Fix sql injection
|
2018-06-13 18:41:05 -06:00 |
|
|
|
81aac93dfe
|
Usage base64 encoded password as expected by JJWT
|
2018-06-13 17:58:52 +02:00 |
|
|
|
e5ec2c1ee0
|
Fix html attribute
|
2018-06-13 17:56:57 +02:00 |
|
|
|
b0fbeaff2c
|
This improves the text of the lesson about XSS
|
2018-06-13 17:56:23 +02:00 |
|
|
|
b47bb96534
|
Update changed password in tests
|
2018-06-13 16:11:28 +02:00 |
|
|
|
3b9b695ef1
|
Check host header instead of origin which might not be present #475
|
2018-06-13 11:38:33 +02:00 |
|
|
|
56fc983414
|
Update database layout so that proposed solution works
|
2018-06-12 17:40:28 +02:00 |
|
|
|
268adbcf7e
|
Move assignments to correct package so that hints are shown
|
2018-06-12 17:40:28 +02:00 |
|
|
|
f383454440
|
Fix spelling in JWT lesson
|
2018-06-12 11:02:51 +02:00 |
|
|
|
a7b82985d4
|
Fix usage of JJWT API which expects base64 encoded strings as key
|
2018-06-12 11:01:23 +02:00 |
|
|
|
3d282e163c
|
Show newest comments first
This prevents new comments from not being displayed after a comment containing invalid html has been posted.
|
2018-06-12 10:54:13 +02:00 |
|
|
|
7068c84c6a
|
Fix parameter in url and some spelling
|
2018-06-12 10:54:13 +02:00 |
|
|
|
1734170e9e
|
updates to missing function ac lesson
|
2018-06-04 16:53:13 -06:00 |
|
|
|
26aa72e721
|
New release
|
2018-05-30 20:54:13 +02:00 |
|
|
|
c510bd9bf1
|
New develop version
|
2018-05-30 20:37:25 +02:00 |
|
|
|
c7a714a590
|
Move to next release
|
2018-05-30 17:05:50 +02:00 |
|
|
|
93620f148b
|
Remove challenges which are also incorporated in the lessons themselves
|
2018-05-30 16:46:50 +02:00 |
|
|
|
ecb7688e08
|
Update to new version for develop
Move WebWolf to port 9090 easier since most of the time something is running on 8081
Add scripts for easy building Docker files etc
|
2018-05-30 13:17:05 +02:00 |
|
|
|
4691bc5fd5
|
Extended proxy lesson with Edit and Resend and explained how to exclude WebGoat internal calls from proxying
|
2018-05-29 21:30:13 +02:00 |
|
