dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
95 Commits 11 Branches 78 Tags
d2a6a2b2722da62c92212493bc5eb5cb65991a20
Commit Graph

45 Commits

Author SHA1 Message Date
cam.morris
d2a6a2b272 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
b4af6471b1 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
chuck@securityfoundry.com
4f3892a0b6 Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix build some build errors. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@384 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 03:56:46 +00:00
ch.ko123
e3af09e500 infos to dependencies 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@382 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 15:19:25 +00:00
ch.ko123
94378680ca replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@381 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 13:47:42 +00:00
ch.ko123
62bc77cbe7 replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@380 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 11:07:01 +00:00
ch.ko123
de18bc56d2 replaced axis jars with versions from maven repo; removed catalina.jar no longer needed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@379 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-10 23:39:11 +00:00
ch.ko123
215caee8be fixed typo (Issue 29) - test commit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@378 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-07 21:15:11 +00:00
mayhew64@gmail.com
4897249cb8 5.3 Logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@377 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-04 13:06:48 +00:00
mayhew64
3cf801f58f Removed errors introduced in previous checkin. String and integer conflicts in JSP 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@374 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:55:27 +00:00
soylentmean
711097a340 Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues. 
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect.  If I'm mistaken on that, feel free to revert that part of the explanation.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@369 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 20:04:15 +00:00
mayhew64
7998e60f29 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 16:57:23 +00:00
mayhew64
c0d2d13e5a Reported by dwpoon, Yesterday (17 hours ago) 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 12:57:14 +00:00
brandon.devries
5854b66614 minor bug fixes and enhancements, including proper dollar value formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-14 14:31:17 +00:00
brandon.devries
a185de3fa0 minor changes and improving display issues 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@362 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 17:36:30 +00:00
brandon.devries
9c84df3d6c corrected spelling and some formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@360 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-11 14:39:09 +00:00
mayhew64
7c8dcc37fb Logos that slipped through 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@356 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 16:04:22 +00:00
mayhew64
8f06b0197b Smaller eclipse workspace 
Changed workspace name to reflect WebGoat 
Added the video solutions link
Update readmen to reflect contributions and new stuff

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@355 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 15:40:13 +00:00
mayhew64
084c43381b Added bug report 
Added message for missing solutions
Minor edits to lesson plans

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@353 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-11 00:05:05 +00:00
mayhew64
536d29e78a Minor wording changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@352 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:25:02 +00:00
mayhew64
d590f7deb2 Minor wording edits 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@351 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:21:32 +00:00
mayhew64
71460125b6 Separated DB usage for messages in CSRF and Stored XSS 
Many cosmetic english changes
Fixed IE rendering for Challenge
 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@350 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:17:20 +00:00
mayhew64
29f0222258 Minor 5.2 changes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@349 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-13 03:44:40 +00:00
mayhew64
6598829155 Added doc directory back into main project root. Build script moves doc to webcontent. 
Changed how to work with WebGoat picture to have original buttons 

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@348 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-12 14:22:33 +00:00
mayhew64
cabc905d4b 5.2 Credits 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@345 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 15:38:21 +00:00
wirth.marcel
3e1d124434 Text edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@342 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-18 08:41:02 +00:00
wirth.marcel
5a0e7a5d7a Session Fixation lesson plan and solution edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@339 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-15 09:43:01 +00:00
wirth.marcel
c001a67b95 Minor Bugfixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@338 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 13:28:25 +00:00
wirth.marcel
15d80a3006 Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@337 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 12:03:55 +00:00
wirth.marcel
c4b5bb0758 Wireshark to useful tools added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@336 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 09:24:12 +00:00
wirth.marcel
d7b43ba72c InsecureLogin solution edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@334 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 08:33:30 +00:00
wirth.marcel
8f89989223 Introduction Sectin altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@330 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 07:42:28 +00:00
wirth.marcel
2105f62f39 Solution changed. Figure added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@329 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:18:33 +00:00
wirth.marcel
c99dd85aab Insecure Login lesson plan and solution 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@328 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:17:49 +00:00
wirth.marcel
e5814afccf Changed naming of Images: Image -> Figure 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@322 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 12:03:24 +00:00
wirth.marcel
ceb0286109 solution for MultiLevelLogin1 altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@321 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 11:54:42 +00:00
wirth.marcel
bb6d170035 Typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@320 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 11:48:51 +00:00
wirth.marcel
aa23b50c51 Tomcat Lessons Plan added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@319 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 09:26:42 +00:00
wirth.marcel
0f5798c8d4 Solution for Session Fixation added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@314 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-10 08:50:36 +00:00
wirth.marcel
8dd73fcf13 Session Fixation Lessons Plan 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@313 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 17:14:24 +00:00
wirth.marcel
e037d68da5 Look changed 
images altered

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@312 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 14:15:18 +00:00
wirth.marcel
5d930ec235 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-07 14:28:38 +00:00
mayhew64
742f1faa0b Obsolete file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@275 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:19:09 +00:00
rogan.dawes
e64d676f06 fixing typo / bug 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@274 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:21 +00:00
rogan.dawes
b0b94c4688 Miscellaneous bug fixes 
divide by zero, inaccurate discount and totals, reflection of user input


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:11 +00:00