dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
122 Commits 11 Branches 78 Tags
c3908e8700277b4b6e99f8d336f3af3b6e90139e
Commit Graph

122 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mayhew64@gmail.com
c3908e8700 More readme tweaks, fixed the delete command in the SQL Server startup 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@413 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 04:04:25 +00:00
mayhew64@gmail.com
0f3cc19b11 Slight mods to add unzip and click to run instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@412 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 03:58:29 +00:00
mayhew64@gmail.com
e78ea07b3f Minor changes to missing internationalization text and startup scripts. Removed internationalization choices for lessons that don't support it 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@411 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-11 03:34:14 +00:00
mayhew64@gmail.com
d48519d1ec Fixed some broken formatting on screen layout, added the Malicious code to the hidden lessons until real lessons can be built 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@410 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 03:58:08 +00:00
mayhew64@gmail.com
5394b0d8a1 General cleanup of lesson, removed sub credit from csrf lesson, add cam credit as lesson contributor 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@409 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 01:49:41 +00:00
mayhew64@gmail.com
c35169291b Added some detail to the readme and moved some docs that are no longer relevant to the attic. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@408 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-09 01:07:55 +00:00
ch.ko123
34abecdbe5 added configuration for starting Tomcat from Maven 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@407 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-08 16:43:00 +00:00
ch.ko123
98fe279dc7 moved scripts to main/scrips and remaining stuff to doc 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@406 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 21:03:36 +00:00
ch.ko123
c46d490726 removed jars, as dependencies are now pulled from the maven repo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@405 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 20:30:23 +00:00
ch.ko123
b1d23b4140 make webgoat run on tomcat 5.5 again 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@404 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-05 20:00:55 +00:00
ch.ko123
a4e0b6b101 added paragraph about tomcat to README.txt 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@403 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-02 22:40:20 +00:00
ch.ko123
01bf6ea303 added wtp configuration to pom 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@402 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-02 22:20:12 +00:00
ch.ko123
01e5cf37d9 moved doco 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@401 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 21:12:40 +00:00
ch.ko123
68ba7cab13 moved doc folder 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@400 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 20:06:23 +00:00
ch.ko123
5b56b4f15d updated readme 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@399 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 19:44:33 +00:00
ch.ko123
aa49ad4cd6 removed xml-apis from pon 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@398 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 18:45:25 +00:00
ch.ko123
7d2327dfd9 README.txt for Maven build added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@397 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 16:01:47 +00:00
ch.ko123
e3d3946862 moved property files to src/main/resources 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@396 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 15:08:35 +00:00
ch.ko123
adad8cf836 added resources dir, removed catalina.jar which is only a build dependency 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@395 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 12:51:57 +00:00
ch.ko123
5119e65791 renamed main->src regarding to Maven conventions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@394 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:54:43 +00:00
ch.ko123
c1f2360a35 renamed project->main regarding to Maven conventions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@393 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:16:30 +00:00
ch.ko123
f99fad493c renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@392 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 11:04:59 +00:00
ch.ko123
6cc4a44d86 restored setAdmin method removed in r389 to make the trunk compile again 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@391 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-11-01 10:39:29 +00:00
chuck@securityfoundry.com
1c02094545 Added 3 new lessons. Some strings are in the properties files, but not all. Modified CreateDB.java in order to create a new salaries table used by the new SQL injection lessons. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@390 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-30 04:53:19 +00:00
mjawurek
1dc6c799a7 A first attempt at internationalization of WebGoat. For complete internationalization WebGoat needs two things: 
1. Every text passage/label that appears in lessons must independent of the current language set for WebGoat.
2. Every lesson plan and solutions must be translated for each supported language.
Number 1 is achieved by using webgoat/util/WebgoatI18N.java and by having every output routed through this piece of code. You no longer say hints.add("Lesson Hint 1"); or ....addElement("Shopping Cart")) but you in the lesson you say hints.add(WebGoatI18N.get("Lesson Hint1")) or ....addElement(WebGoatI18N.get("Shopping Cart"). Then WebGoatI18N looks up the corresponding string for the language set as the current lanuage and returns it.
Number 2 is achieved by having subdirectories in lesson_plans corresponding to every language. That means, a lesson that has been translated to Spanish and German will be found in lesson_plans/English and lesson_plans/Spanish and lesson_plans/German.

This is how WebGoat finds out about available languages: in Course.java in loadResources() it looks for lesson plans.
Unlike before, now a lesson plan can be found multiple times in different "language" directories. So for every directory the lesson plan is found in, WebGoat associates this language with the lesson and also lets WebGoatI18N load the appropriate WebGoatLabels_$LANGAUGE$.properties file which contains the translations of labels.
So this is what you have to do for a new language:
First of all, you have to copy and translate every lesson plan that you need in the new language, and then you also have to create a WebGoatLabels_$LANGUAGE$.properties file with that labels that will be used in these lessons. Atm WebGoat crashes throws an exception when a label is missing but this can be sorted out quickly. 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@389 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-26 15:58:15 +00:00
mayhew64@gmail.com
59abed1dde Malcode samples - need to turn into lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@388 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-26 11:24:12 +00:00
cam.morris
c3fe7cece9 Including one small documentation change: giving credit to Sherif Koussa's original CSRF lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@387 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:29:42 +00:00
cam.morris
d2a6a2b272 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
b4af6471b1 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
chuck@securityfoundry.com
4f3892a0b6 Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix build some build errors. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@384 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 03:56:46 +00:00
ch.ko123
c1af5e86b0 initial version of pom.xml 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@383 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-12 21:06:55 +00:00
ch.ko123
e3af09e500 infos to dependencies 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@382 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 15:19:25 +00:00
ch.ko123
94378680ca replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@381 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 13:47:42 +00:00
ch.ko123
62bc77cbe7 replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@380 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 11:07:01 +00:00
ch.ko123
de18bc56d2 replaced axis jars with versions from maven repo; removed catalina.jar no longer needed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@379 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-10 23:39:11 +00:00
ch.ko123
215caee8be fixed typo (Issue 29) - test commit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@378 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-07 21:15:11 +00:00
mayhew64@gmail.com
4897249cb8 5.3 Logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@377 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-04 13:06:48 +00:00
mayhew64
976671949e Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@376 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 18:16:51 +00:00
mayhew64
b63d0a6886 Changed the class build. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@375 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:56:48 +00:00
mayhew64
3cf801f58f Removed errors introduced in previous checkin. String and integer conflicts in JSP 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@374 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:55:27 +00:00
soylentmean
b8c1d13e50 Lots of wording changes and HTML fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@373 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 21:06:42 +00:00
soylentmean
8a372baa01 Fixing wording a smidge. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@372 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-01-06 20:19:22 +00:00
mayhew64
01b845beb9 Changes by Chris Roe to fix lesson issues with FireFox. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@371 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-17 13:06:29 +00:00
soylentmean
7a55b7e02f fixed a typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@370 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 21:15:20 +00:00
soylentmean
711097a340 Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues. 
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect.  If I'm mistaken on that, feel free to revert that part of the explanation.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@369 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 20:04:15 +00:00
mayhew64
696550ccb0 Minor syntax issue with the word prename in the instructions - reported by April King 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@368 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-10 23:52:04 +00:00
mayhew64
7998e60f29 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 16:57:23 +00:00
mayhew64
c0d2d13e5a Reported by dwpoon, Yesterday (17 hours ago) 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 12:57:14 +00:00
mayhew64
3412f1e984 Contribution by Kristian Erik Hermansen. Fixed to work with 1.6 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@365 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-09-09 15:32:23 +00:00
brandon.devries
5854b66614 minor bug fixes and enhancements, including proper dollar value formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-14 14:31:17 +00:00