ff67ee6484
Update to correct version
2021-10-04 14:40:19 +02:00
a7b9954d0f
1101: fix quoting in statement
2021-10-02 17:39:26 +02:00
7ec6826abc
#1031 : Fix lesson
...
- Hints not shown
- Add more hints
- Incorrect grant statement in lesson as example (removed it)
2021-09-05 14:32:55 +02:00
60bd04b9aa
Move to snapshot version
2021-07-29 11:13:16 +03:00
69a370f438
New release, updating pom.xml
2021-05-23 20:11:23 +02:00
38f1d52bf3
Corrected typos and poor grammar found in the SQL Injection lessons.
2021-04-16 13:29:01 +02:00
e49f5d610f
#961 : Give each user its own schema for the lessons
...
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
2021-04-16 13:28:07 +02:00
82198424df
Corrected typos and poor grammar found in the SQL Injection lessons.
2021-04-02 21:31:11 +02:00
ba2cb7d14f
#974 : Update the lesson text
2021-04-02 07:31:19 +02:00
de453fad84
Fix issue with labels in SQL lessons
2021-04-01 17:48:32 +02:00
59c96f9890
Fix lesson it no marks it as solved if the user uses a different username
2021-03-31 19:32:47 +02:00
f7d3fd586e
Remove the span added to the feedback
2021-03-31 19:32:47 +02:00
798afc756b
Remove as it matches the normal success message
2021-03-31 19:32:47 +02:00
14621003d7
Remove banner.txt as you can set it with a property in application.properties
2021-03-31 19:31:13 +02:00
cda852f4e8
Run unit tests again for all lessons and rewrite all to JUnit 5
...
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
2021-03-31 19:31:13 +02:00
ae6d448aa0
Replace ${revision} with real version as Maven
...
The CI pipeline should take care of this.
2021-03-31 19:31:13 +02:00
b8bdb8f432
Updating to the new development version
2021-03-30 14:05:26 +00:00
e114360a5f
Fix SQL Injection
2021-03-29 08:28:36 +02:00
d4da2d0efa
Convert lesson into using DB instead of using regular expression to check the solution
2021-03-15 17:48:13 +01:00
f2ab5c1968
Update JWT lesson
2021-03-15 17:48:13 +01:00
00c4be63f0
Fix sql injection line comments issue. ( #925 )
2021-01-19 10:47:04 +01:00
2e581d6bdb
docs: update SQLi lesson text ( #928 )
...
- corrected typos/grammar issues
- restructured sentences for clarity
2021-01-19 10:29:16 +01:00
b1495a8cd5
Fix typo ( #909 )
2020-12-03 14:23:23 +01:00
574039902d
changed version to snapshot version and introduced revision parameter
...
for it
2020-11-27 12:15:19 +01:00
74cca6d185
Add missing trailing double quote in sql query ( #897 )
2020-11-19 07:45:07 +01:00
7b8523dcab
#839 : fix the SQL statement as this one does not express that the orderBy
clause input is user input
2020-11-04 20:35:05 +01:00
641d75e734
Link to the original lesson for the goal
2020-10-20 22:09:49 +02:00
317573c897
Small fixes june 2020 ( #857 )
...
* issue 849
* another integration test for a challenge
* fixing issue 848
* updated link for issue 833
* fix for 847
2020-07-08 19:26:09 +02:00
39740e069e
New release
2020-05-22 14:10:31 +02:00
1aad57ba55
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
d7ae3a4391
fix typo
2020-04-27 10:44:39 +02:00
608728b135
fix asciidoc italic format
2020-04-27 10:44:39 +02:00
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
6f532683a1
lessonplan character updates so it also works on Windows Cp125
2020-04-20 12:54:18 +02:00
96412da04e
Remove unused imports and parameters
2020-04-19 15:42:50 +02:00
3b7481c2a7
Update method signature
2020-04-19 15:42:50 +02:00
407e19638f
Add two more assignments for SQL injection where only filtering is applied.
2020-04-19 15:42:50 +02:00
6c25cf8e43
Add path traversal lesson
2020-03-10 08:03:48 +01:00
4e371b63d0
suppressing some useless log messages and banners in unit tests ( #752 )
...
* suppressing some useless log messages and banners in unit tests
* some more log suppressed
2020-01-25 12:11:45 +01:00
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
f40b6ffd31
Moving back to snapshot
2019-11-13 12:27:26 +01:00
fe2ac1b8d4
New release, updating pom.xml
2019-11-12 09:22:45 +01:00
e07a2aff48
Fix mistake the SQL exception should be throws otherwise users cannot see the table name (servers
) makes it impossible to
...
solve the assignment. Add explicit test for this to guard against future mistakes
2019-11-11 21:17:51 +01:00
7d48427d4f
Integrate ZAP 2.8.0 (no HUB) as the setup is different also update the filtering as usual ZAP exclusion is again broken
2019-11-11 21:17:51 +01:00
8da4342430
Improve readability of query ( #685 )
...
thanks! and do not forget to clean your .webgoat... local db related files
2019-11-04 13:28:35 +01:00
1a83e2825e
Code style ( #696 )
...
* Remove Guava dependency from WebGoat
* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
25dae3a4a8
Fix merge request
2019-10-30 08:28:14 +01:00
e783c0c1f1
SQL: Cannot use apostrophe/quotes on string literals #662
2019-10-30 08:28:14 +01:00
96d11697d4
SQL Injection lesson 6 minor mistakes in examples #663
2019-10-30 08:28:14 +01:00