87 Commits

Author SHA1 Message Date
Peter Potrowl
cb2c99d38d Improve texts to avoid confusion. 2023-12-14 22:54:20 +01:00
Nanne Baars
17acef57b4 chore: add pre-commit hooks
chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks
2023-12-06 17:16:24 +01:00
Nanne Baars
3d651526be feat: show creating time in file upload overview
Closes: gh-1551
2023-12-04 21:32:02 +01:00
Nanne Baars
c7c2a61f65
chore: fix startup message (#1687)
Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
2023-12-04 07:59:29 +01:00
Nanne Baars
b7f657ad2c
chore: fix WebWolf UI (#1686)
Fix-ups after the Bootstrap 5 upgrade for WebWolf.
2023-12-02 12:59:56 +01:00
René Zubcevic
7fea42afe9
Fix/state of software supply chain links (#1683)
* fix:update state of software supply chain links

* fix:fix second link

* fix:links formatting

---------

Co-authored-by: maurycupitt <maury@cupitt.com>
2023-11-27 15:33:14 +01:00
René Zubcevic
826887cc83
Consistent environment values and url references (#1677)
* organizing environment variables

* Update application-webgoat.properties

* Update pom.xml

* test without ssl

* fix docker base image and default env entries

* seperate server.address from webgoat.host and webwolf.host

* change base image and enable endpoint logging for docker as well

* change README

* change README

* make integration test able to verify against alternative host names

* use dynamic ports and remove system println
2023-11-27 14:35:49 +01:00
René Zubcevic
88a321c268
search box moved and jwt encode/decode with little delay (#1664) 2023-11-16 14:42:10 +01:00
René Zubcevic
ba75e10efd
fixed issue in JWT test tool and added robot test (#1658) 2023-11-14 18:14:48 +01:00
René Zubcevic
d1e44bbc98
Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645)
* better check on host and port for password reset and make context roots more flexible

* spotless applied

* removed hardcoded /WebGoat from js

* removed hardcoded /WebGoat from js

* fix spotless

* fix scoreboard

* upgrade WebWolf bootstrap version and icons and templates - part 1

* fixed more bootstrap 5 style issues and context path issues

* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)

* spotless applied

* added mock bean

* requires updates to properties - commented for now

* requires updates to properties - commented for now

* oauth secrets through env values

* user creation after oauth login

* integration test against non default context paths

* adjusted StartupMessage

* add global model element username

* conditionally show login oauth links

* fixed WebWolf login

---------

Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
François Capon
45c26d8aaf
Fix servers id (#1619) 2023-10-22 15:25:52 +02:00
Àngel Ollé Blázquez
49862f6b90 fix: fixes the default change in trailing slash matching and address the affected assignments 2023-08-27 14:14:27 +02:00
Àngel Ollé Blázquez
4009785bb8 fix: crypto basics broken links 2023-08-27 13:16:08 +02:00
Àngel Ollé Blázquez
d8341c86a1 bug: fix hint that was breaking the template, causing hints from different assignments to mix (#1424) 2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez
055578893d feat: improve MFAC lesson hint texts for a better user experience (#1424) 2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez
7b81247dd1 fix: HijackSession lesson template deprecated Tymeleaf attribute 2023-08-26 02:57:50 +02:00
Àngel Ollé Blázquez
a67fbf5a5a fix: XSS mitigation 2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez
3365c8d447 Remove wrong files 2023-08-25 22:50:40 +02:00
Àngel Ollé Blázquez
368c046779 fix: Stored Cross-Site Scripting Lesson 2023-08-25 20:55:26 +02:00
Àngel Ollé Blázquez
786cabd251 Make webjar dependencies version agnostic 2023-08-24 16:43:28 +02:00
Àngel Ollé Blázquez
4ba818533c fix: WebWolf JWT jquery webjar 2023-08-09 01:32:03 +02:00
Nanne Baars
a9b1fd66b8
feat: implement JWT jku example (#1552)
Closes #1539
2023-08-08 17:18:22 +02:00
Àngel Ollé Blázquez
25f49537e7 bug: Fix IDOR lesson 2023-07-16 17:14:27 +02:00
Àngel Ollé Blázquez
1df7ca61a3 Text content improvement 2023-06-15 19:26:33 +02:00
Àngel Ollé Blázquez
75398feca0 Add hints 2023-06-15 19:26:33 +02:00
Nanne Baars
ca886b4818
feat: upgrade to Spring Boot version 3 (#1477) 2023-06-04 11:19:47 +02:00
caputdraconis
ac6de9d788 Fix typo of HijackSession_content0.adoc 2023-04-17 09:04:15 +02:00
Nanne Baars
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
2023-02-16 20:32:27 +00:00
Àngel Ollé Blázquez
075b1ab30a Fix WebWolf JWT tool 2023-02-15 22:40:24 +00:00
Nanne Baars
3901814363 Fix documentation link for XXE mitigation. 2023-01-05 19:00:12 +01:00
Nanne Baars
dca415099f Remove unused JavaScript function 2023-01-05 11:33:00 +01:00
Nanne Baars
54e115aff0 Update the solution with WebWolf URLs
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
2023-01-05 11:02:45 +01:00
Nanne Baars
fcaa2d8589 Fix zip slip lesson.
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.

The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.

The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
2023-01-05 11:02:45 +01:00
Nanne Baars
9666597164 - Add reference to the WebWolf icon in the top right corner.
- Format all text of the lesson
2023-01-04 08:07:51 +01:00
Nanne Baars
32468ff90b
Add sql lesson (#1370) 2023-01-04 07:42:29 +01:00
Adam Szatyin
71ec36102f Fix typo 2022-12-01 21:34:19 +01:00
András Veres-Szentkirályi
b51be74cab typofix 2022-11-28 17:10:14 +01:00
Jesper Hallborg
96c2595ad0 Update interface name to exploit
The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact
2022-09-21 22:32:16 +02:00
Thanh Tran
f5e4d4717a FixTypo - Fix typo in various lesson documentations 2022-08-30 22:21:22 +02:00
Àngel Ollé Blázquez
50f932b02e Renamed to webwolfintroduction 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
251167c6b0 Renamed to webgoatintroduction 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
256c1dd3aa Renamed to vulnerablecomponents 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
b93c935d6c Renamed to sqlinjection 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
827a9d3467 Renamed to securepasswords 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
91470b93ea Renamed to pathtraversal 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
37d684fdd3 Renamed to passwordreset 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
4f911c64a1 Renamed to missingac 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
e0a0a80ad9 Renamed to lessontemplate 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
26c289d7d4 Renamed to insecurelogin 2022-07-31 22:39:21 +02:00
Àngel Ollé Blázquez
1eff81718b Renamed to httpproxies 2022-07-31 22:39:21 +02:00