dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
362 Commits 11 Branches 78 Tags
d971d2f7341c742f1ce001b044c83257dff9d6cc
Commit Graph

45 Commits

Author SHA1 Message Date
cam.morris
85c6843ee4 This change includes two additional CSRF lessons. One for 
by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@386 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
72936c72b9 Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library). 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@385 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 04:30:00 +00:00
chuck@securityfoundry.com
cef196e172 Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix build some build errors. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@384 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-20 03:56:46 +00:00
ch.ko123
271d746153 infos to dependencies 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@382 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 15:19:25 +00:00
ch.ko123
34270c8931 replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@381 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 13:47:42 +00:00
ch.ko123
24acd5081d replaced jars with versions from maven repo to prepare migration 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@380 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-11 11:07:01 +00:00
ch.ko123
c719c47128 replaced axis jars with versions from maven repo; removed catalina.jar no longer needed 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@379 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-10 23:39:11 +00:00
ch.ko123
87ce172faa fixed typo (Issue 29) - test commit 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@378 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-10-07 21:15:11 +00:00
mayhew64@gmail.com
f5200a8fd0 5.3 Logo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@377 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-04 13:06:48 +00:00
mayhew64
88a730f225 Removed errors introduced in previous checkin. String and integer conflicts in JSP 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@374 4033779f-a91e-0410-96ef-6bf7bf53c507
 2009-02-03 17:55:27 +00:00
soylentmean
64899b3ee3 Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues. 
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect.  If I'm mistaken on that, feel free to revert that part of the explanation.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@369 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-12-11 20:04:15 +00:00
mayhew64
9d8c58bef3 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 16:57:23 +00:00
mayhew64
bab1f6aeb7 Reported by dwpoon, Yesterday (17 hours ago) 
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk@366 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-11-21 12:57:14 +00:00
brandon.devries
5337ef31ff minor bug fixes and enhancements, including proper dollar value formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@364 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-14 14:31:17 +00:00
brandon.devries
4c242f52dc minor changes and improving display issues 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@362 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-12 17:36:30 +00:00
brandon.devries
2203a1ebd2 corrected spelling and some formatting 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@360 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-08-11 14:39:09 +00:00
mayhew64
ae79118f55 Logos that slipped through 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@356 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 16:04:22 +00:00
mayhew64
d849168ce1 Smaller eclipse workspace 
Changed workspace name to reflect WebGoat 
Added the video solutions link
Update readmen to reflect contributions and new stuff

git-svn-id: http://webgoat.googlecode.com/svn/trunk@355 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-12 15:40:13 +00:00
mayhew64
fbf2a079c8 Added bug report 
Added message for missing solutions
Minor edits to lesson plans

git-svn-id: http://webgoat.googlecode.com/svn/trunk@353 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-11 00:05:05 +00:00
mayhew64
2a0d5b62a4 Minor wording changes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@352 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:25:02 +00:00
mayhew64
5d75ed4cae Minor wording edits 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@351 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:21:32 +00:00
mayhew64
ec95ba4089 Separated DB usage for messages in CSRF and Stored XSS 
Many cosmetic english changes
Fixed IE rendering for Challenge
 

git-svn-id: http://webgoat.googlecode.com/svn/trunk@350 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-07-09 00:17:20 +00:00
mayhew64
b0ade9782e Minor 5.2 changes. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@349 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-13 03:44:40 +00:00
mayhew64
ad0b90bd24 Added doc directory back into main project root. Build script moves doc to webcontent. 
Changed how to work with WebGoat picture to have original buttons 

git-svn-id: http://webgoat.googlecode.com/svn/trunk@348 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-05-12 14:22:33 +00:00
mayhew64
bbcd546137 5.2 Credits 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@345 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-22 15:38:21 +00:00
wirth.marcel
c7776ece65 Text edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@342 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-18 08:41:02 +00:00
wirth.marcel
3a1397f178 Session Fixation lesson plan and solution edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@339 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-15 09:43:01 +00:00
wirth.marcel
e2ca7f9a33 Minor Bugfixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@338 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 13:28:25 +00:00
wirth.marcel
80d07fb62c Minor fixes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@337 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 12:03:55 +00:00
wirth.marcel
7ecf14530b Wireshark to useful tools added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@336 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 09:24:12 +00:00
wirth.marcel
efd77a001e InsecureLogin solution edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@334 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 08:33:30 +00:00
wirth.marcel
ff64cf84c0 Introduction Sectin altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@330 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-14 07:42:28 +00:00
wirth.marcel
bb327cc3c8 Solution changed. Figure added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@329 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:18:33 +00:00
wirth.marcel
691af307c5 Insecure Login lesson plan and solution 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@328 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 22:17:49 +00:00
wirth.marcel
89e67715fd Changed naming of Images: Image -> Figure 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@322 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 12:03:24 +00:00
wirth.marcel
cfbfbd0313 solution for MultiLevelLogin1 altered 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@321 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 11:54:42 +00:00
wirth.marcel
f58d8ee066 Typo 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@320 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 11:48:51 +00:00
wirth.marcel
4f712c1d5c Tomcat Lessons Plan added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@319 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-13 09:26:42 +00:00
wirth.marcel
3e2b49b229 Solution for Session Fixation added 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@314 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-10 08:50:36 +00:00
wirth.marcel
e3bc01dc52 Session Fixation Lessons Plan 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@313 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 17:14:24 +00:00
wirth.marcel
b638314dd1 Look changed 
images altered

git-svn-id: http://webgoat.googlecode.com/svn/trunk@312 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-09 14:15:18 +00:00
wirth.marcel
82e32acb77 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-04-07 14:28:38 +00:00
mayhew64
5e8f7c7096 Obsolete file 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@275 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-02-05 21:19:09 +00:00
rogan.dawes
dbfabf44b3 fixing typo / bug 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@274 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-14 14:02:21 +00:00
mayhew64
72c18c5426 Removed space from " webgoat" directory name 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@272 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-12 17:42:01 +00:00