dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,846 Commits 11 Branches 78 Tags
cbf2e153d93a9abba89b7ee8e6d18c298f3a767f
Commit Graph

2846 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
rogan.dawes
a1d52a73e0 Introduce the GoatHillsFinancial "lesson" 
This "lesson" is to be used as a base for the rest of the
LAB lessons. This should help to reduce the amount of
duplication across the lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@150 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:56:00 +00:00
rogan.dawes
0bdc36b2f6 Remove duplication of isAuthorizedForEmployee 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@149 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:55:10 +00:00
rogan.dawes
a8119f6982 Move Lesson specific checks out of DefaultLessonAction 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@148 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:55 +00:00
rogan.dawes
3dc1a04d62 Update the various lessons to specify their stage count 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@147 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:35 +00:00
rogan.dawes
3c2e63636c Provide a user-accessible mechanism for skipping stages 
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml


git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:12 +00:00
rogan.dawes
51cc4fb0b4 Take a simple approach to add direct stage access. 
Make it a numerical stage indicator. This allows the person to skip a stage
if they choose to, but it will effectively be marked as completed.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@145 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:53:54 +00:00
rogan.dawes
e6fcd4176c Make it possible to return per-stage hints 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:53:34 +00:00
rogan.dawes
d39975c299 Minor fixes - unused imports and generics 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@143 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:52:09 +00:00
rogan.dawes
661d8bcf62 Various type safety fixes (converting to generics) 
This appears to have fixed a possible bug, so is a good thing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@142 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:40 +00:00
rogan.dawes
eaf12c706c Create WebgoatContext in HammerHead, rather than WebSession 
Now webgoatContext should effectively be a singleton, shared across
all WebSession instances. WebSession now initialises from WebgoatContext.

WebSession methods that refer to static "site wide" properties are deeted
and references to them updated to point to WebgoatContext


git-svn-id: http://webgoat.googlecode.com/svn/trunk@141 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:26 +00:00
rogan.dawes
53487970f6 Unify DatabaseUtilities.makeConnection() 
Remove the hack to support Web services lessons that do not have a WebSession
Now that they have their own reference to WebgoatContext, they do not need one


git-svn-id: http://webgoat.googlecode.com/svn/trunk@140 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:01 +00:00
rogan.dawes
ada66dae10 Pass webgoatContext to AbstractLesson, so all lessons can know their environment 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@139 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:36 +00:00
rogan.dawes
1849197784 Move database specific items into WebgoatContext 
Update DatabaseUtilities to use a webgoatContext to create a Connection


git-svn-id: http://webgoat.googlecode.com/svn/trunk@138 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:13 +00:00
rogan.dawes
c4d24dff3a Start process of moving shared data to a single place 
Shared fields like the database connection details will be
stored in a new class WebgoatContext.

For the moment, we create this object anew each time, but
we will eventually create it once, and pass it to the
constructor of WebSession, to provide initial values for
each user.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@137 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:57 +00:00
rogan.dawes
c3a5ec5ca8 Eliminate references to insance variable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@136 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:41 +00:00
rogan.dawes
db2f11578a Replace casting with a suitable generic 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@135 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:28 +00:00
rogan.dawes
4cae9985f6 Fix a NullPointerException in DatabaseUtilities.writeTable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@134 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:15 +00:00
rogan.dawes
b7bb9e4d17 Remove useless use of "file.separator" in getRealPath() 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@133 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:03 +00:00
rogan.dawes
2748e80d0d Make mySession a method scoped variable, not an instance var 
This should fix a concurrency bug, although it is unlikely to
be exploitable/exploited


git-svn-id: http://webgoat.googlecode.com/svn/trunk@132 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:53 +00:00
rogan.dawes
294580983d Remove methods tagged DELETE_ME 
Also remove associated imports which are no longer used


git-svn-id: http://webgoat.googlecode.com/svn/trunk@131 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:43 +00:00
rogan.dawes
52f23a20f4 Move maintanance of lesson categories from AbstractLesson into Category class 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@130 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:20 +00:00
rogan.dawes
747319aab5 Move definition of standard Categories to Category class 
Also update all the referring classes


git-svn-id: http://webgoat.googlecode.com/svn/trunk@129 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:02 +00:00
rogan.dawes
5f67544b24 Add mechanism to close DB connections 
Oracle ends up refusing connections if we don't close them


git-svn-id: http://webgoat.googlecode.com/svn/trunk@128 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:46:17 +00:00
rogan.dawes
6f5e7c37f7 Add infrastructure to enable setting of username and password for DB access 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@127 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:46:01 +00:00
esheri3
e19c3353e7 Added a catch block for the "ParameterNotFoundException". Failure to catch this exception lead to an error message when the DOS lesson is viewed. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@125 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-04-05 16:14:39 +00:00
esheri3
20484796f9 EditProfile.jsp was missing a closing div tag. Removed some unused imports in LessonSource.java 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@124 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-04-05 15:33:51 +00:00
mayhew64
adc1387ed2 git-svn-id: http://webgoat.googlecode.com/svn/trunk@123 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-03-22 21:18:07 +00:00
mayhew64
f66d74cd58 Draft for solving the labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@122 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-22 21:01:06 +00:00
mayhew64
25f47916cc Rename CookieCatcher to Catcher 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@121 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-20 19:05:46 +00:00
mayhew64
e2e98574b5 Detailed new lesson instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-19 19:07:00 +00:00
mayhew64
34fca43216 New Phishing Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@119 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-19 17:47:37 +00:00
mayhew64
ee6ed2e978 Add FAQ for running WebGoat on your host IP 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@118 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-09 17:25:55 +00:00
sherif.fathy
30b00f969f git-svn-id: http://webgoat.googlecode.com/svn/trunk@117 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-02-26 03:43:30 +00:00
mayhew64
a2abbfaf1e Changed tag case. removed unused import 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@116 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-25 18:39:38 +00:00
mayhew64
d8680dcfc3 Removed credit from New Lesson. Removed extra "." from start page 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@115 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-22 01:09:43 +00:00
mayhew64
81582162d3 Modified intro text to be consistent in size with new logos. Modified credits in BlindSqlInjection.java. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@114 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-06 15:32:12 +00:00
mayhew64
5408328434 git-svn-id: http://webgoat.googlecode.com/svn/trunk@113 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-02-05 23:04:24 +00:00
esheri3
6dc383b7b4 Modified all "Aspect" lessons to include the Aspect logo. The logo links to http://aspectsecurity.com. Moved the "OWASP" logo and added an Aspect logo on the main.jsp page. Adjusted the padding of the "warning" text to prevent "Start" button overlap. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@112 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-02 17:56:23 +00:00
esheri3
e735aea7b0 Modified getCustomCredits() to utilize "Element" instead of "IMG". This allows for more flexible control over the lovely credits. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@111 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-02 15:23:43 +00:00
esheri3
dda693f0ff Modified final hint to point to the correct mapping (/conf instead of /config). Minor code syntax cleanup 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@110 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-02 15:04:37 +00:00
mayhew64
e748aa0e90 Changed mac_Logo.gif to macadamian.gif. Added forced browsing servlet to the appropriate web.xml files. Enhanced readme files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@109 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-31 15:44:38 +00:00
mayhew64
ca46354077 Minor Cleanup of imports and user guide url 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@105 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-30 23:36:21 +00:00
mayhew64
0ab3ad8293 git-svn-id: http://webgoat.googlecode.com/svn/trunk@104 4033779f-a91e-0410-96ef-6bf7bf53c507 2007-01-30 16:24:15 +00:00
esheri3
404e3f8b19 Changed title to "How to Perform Cross Site Tracing (XST) Attacks" 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@103 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:47:54 +00:00
esheri3
82371bf0d9 Changed title (back?) to "Tracing". 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@102 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:43:43 +00:00
esheri3
dce06730f9 minor grammar fix. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@101 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:36:52 +00:00
esheri3
ccd2f8cc33 added the Aspect logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@100 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:15:20 +00:00
esheri3
f5dfc0698d change all instances of "trace" to "tracing" 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@99 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-26 19:06:42 +00:00
esheri3
af66f4ff00 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@98 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 20:41:41 +00:00
esheri3
f86af29210 Minor grammar fixes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@97 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-25 20:35:06 +00:00