c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
fc05a68ef7
update to IDOR hints
2017-07-19 16:00:10 -04:00
9e1e4c1d2a
Merge remote-tracking branch 'upstream/develop' into auth-bypass
2017-07-19 08:58:24 -04:00
b57cfd06b1
Started testing. Having issues, but commiting stubs and making ticket to return
2017-07-19 08:56:48 -04:00
89bfc3f12d
fixing image
2017-07-18 17:54:50 -04:00
9b643728f8
verify account assignment hints
2017-07-18 17:48:57 -04:00
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
ce7c271bb5
initial cut on auth-bypass lesson
2017-07-18 15:59:46 -04:00
cac1fb17e4
minor update to getting started file
...
Updating Base Class section/description
2017-07-12 16:59:13 -04:00
82ef171a50
XSS Lesson Modifications ( #367 )
...
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00
921561cf32
mitigation content update ... 2
2017-06-27 11:33:39 -04:00
ebb851b361
mitigation content update
2017-06-27 11:28:16 -04:00
296723508b
IDOR hints updated
2017-06-27 10:26:22 -04:00
dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00
3a9bb946ed
update for XXE solutions
2017-06-27 08:27:06 -04:00
3ec5b8708e
clean up of unneeded stuff in pom
2017-06-23 14:46:40 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
edceba73fe
- Added testcases for bypassing frontend validation.
...
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00
bf210de013
Added testcase for SQL lesson 6b
2017-06-16 00:33:02 +02:00
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
f1fd214580
Added more testcases for the SQL lesson 12
2017-06-15 23:49:03 +02:00
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00
36ad73c800
Added more mitigations for XXE
2017-06-15 23:36:51 +02:00
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
ee912f734b
Added SQL injection from challenge to lesson and added content for a blind sql injection
2017-06-15 19:08:19 +02:00
0740c4ba95
Split large SQL lesson
2017-06-15 19:08:19 +02:00
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
09d8fef50e
Merge branch 'develop' of github.com:WebGoat/WebGoat into develop
2017-06-12 20:02:30 +02:00
870fa000aa
bypass front-end restrictions (javascript validation)
2017-06-13 10:09:39 +02:00
01421ca822
html restrictions lesson
2017-06-13 10:09:39 +02:00
007cdaa0d8
insecure login lesson
2017-06-13 10:09:39 +02:00
99f75a835c
#359 Fixed
2017-06-12 20:02:21 +02:00
52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
...
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00
19a4859e4f
Fix hint not being display correctly due to missing escaping
2017-06-12 13:03:14 +02:00
06a3f5d189
http-proxies updates
2017-06-09 15:33:21 -04:00
2305d355c7
isEncoded and isNotEncoded Unit Tests added
2017-05-25 19:36:02 -04:00
31548b9c57
Additional Unit Testing
2017-05-24 17:12:28 -04:00
e733131241
Stubs for security unit test
2017-05-24 13:12:36 -04:00
a9e5dd645d
comment, clean up
2017-05-22 20:10:03 -04:00
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
0ad1f0d147
Fixing Travis issues while building
2017-05-21 13:28:29 +02:00
edea515564
Test failed due to hardcoded path
2017-05-21 12:46:10 +02:00
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
a5b4aeaa76
updating header comment license thingy
2017-05-20 21:49:40 -04:00
857f09df14
initial unit tests for assignment endpoints
2017-05-20 21:17:02 -04:00
feead6b740
initial cut on XSS, need to add some tests still
2017-05-18 14:41:14 -04:00
6f0f71b131
Changed XXE lessons to use photo comment example
2017-05-04 06:25:11 +02:00
4a061f61a6
Integrated XXE assigment from CTF to XXE lesson
2017-05-04 02:25:56 +02:00
d25f71532b
Moved challenge 4 to challenge 6 and introduced new sql injection challenge 5
2017-05-03 17:30:49 +02:00
e656d30b7e
hint updates
2017-05-11 10:44:26 +01:00
