dac011db78
fix failing test (order)
2020-10-21 08:05:53 +02:00
41879c4603
Blind XXE lesson blocks including the file in the comment directly
2020-10-20 22:09:49 +02:00
317573c897
Small fixes june 2020 ( #857 )
...
* issue 849
* another integration test for a challenge
* fixing issue 848
* updated link for issue 833
* fix for 847
2020-07-08 19:26:09 +02:00
671691a5ed
XXE_changing_content_type.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
f326755190
XXE_intro.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
99edda6029
XXE_plan.adoc: Typo fixes
2020-05-24 09:56:43 +02:00
5739705d8a
Process review comments
2020-05-22 10:10:42 +02:00
9b72610510
Extend XXE lesson with more content and add solution description
...
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
4e371b63d0
suppressing some useless log messages and banners in unit tests ( #752 )
...
* suppressing some useless log messages and banners in unit tests
* some more log suppressed
2020-01-25 12:11:45 +01:00
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
1a83e2825e
Code style ( #696 )
...
* Remove Guava dependency from WebGoat
* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
663224d06a
xxe path info ( #670 )
...
* xxe path info aid added
* xxe path info aid added
* changes to template file and hints
* added ssl test support for XXE
* added ssl test support for XXE
* restconfig replaced by httpsrelaxed
* processed review comments on hints and example
2019-10-02 09:59:32 +02:00
9b906a2a29
Fix typo in XXE lesson
2019-09-25 00:37:36 +08:00
35c1305ce9
Merge conflicts resolved
2019-09-23 07:34:27 +02:00
e8d086ac9b
All successful
2019-09-20 07:59:04 +02:00
82ad0a7cc7
Finally working
2019-09-18 17:53:43 +02:00
ec236a4ff5
First steps in XXE integration tests
2019-09-18 14:48:34 +02:00
5e6f825e64
WIP
2019-09-13 16:42:13 +02:00
361249c666
First attempt at moving to Spring Boot 2
2019-09-12 17:22:03 +02:00
63a1097466
owasp categories
2019-07-14 12:38:11 +02:00
aa2eac0cd8
fixed test
2019-04-21 14:14:23 +02:00
6d974b5fa8
Fixed lesson sorting issue
2019-03-26 08:43:38 +01:00
4050e899ff
changed unit test to dynamic port to prevent port conflict and build failure
2019-03-26 08:37:47 +01:00
ed490a5ecf
Fix for #545
...
Introduced new macro to make a clear distinction between /WebWolf with
context root and without.
2019-01-16 11:07:30 +01:00
bf45a0a8e5
Fix for XXE docs
2018-12-14 12:43:19 +01:00
651698d96c
Add different solution for XXE attack
2018-06-21 07:17:27 +02:00
ecb7688e08
Update to new version for develop
...
Move WebWolf to port 9090 easier since most of the time something is running on 8081
Add scripts for easy building Docker files etc
2018-05-30 13:17:05 +02:00
1edceb0aa8
Extended and fixed some lessons
2018-05-27 20:37:44 +02:00
d2b6725f3b
Moved challenge2 to client-side-filtering as final assignment
2018-05-27 12:41:52 +02:00
8050a2b56d
XXE lesson not showing correct link for WebWolf
2018-05-01 21:54:28 +02:00
11ffa5702c
Added "WebWolf" enabled to the lessons which support the usage of WebWolf
2018-04-29 15:02:19 +02:00
e4ca0c4836
Make report working again
2018-04-27 19:26:01 +02:00
245ba2c3d1
Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson.
2018-04-24 20:44:05 +02:00
568fa82270
fixed ContentTypeAssignment and SimpleXXE to work with MacOSX
2018-01-13 16:00:11 +00:00
75d0405da1
Fixed XXE lesson the posting of the comments did not show up directly only after page refresh
2017-11-17 07:07:43 +01:00
56fc0fce05
Added test for XXE
2017-11-02 20:41:30 +01:00
fc1353b2f1
Pom cleanup
2017-11-02 16:14:44 +01:00
5033c3661a
Cleaning up test case logging
2017-10-08 02:07:22 +02:00
8a982dedb5
Updated XXE lesson so it also uses WebWolf
2017-10-07 13:46:34 +02:00
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
36ad73c800
Added more mitigations for XXE
2017-06-15 23:36:51 +02:00
99f75a835c
#359 Fixed
2017-06-12 20:02:21 +02:00
52a48df70c
XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions.
...
Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again.
2017-06-12 15:08:55 +02:00
19a4859e4f
Fix hint not being display correctly due to missing escaping
2017-06-12 13:03:14 +02:00
129e9deba9
Added testcase for SQL injection lesson
2017-05-21 16:40:52 +02:00
0ad1f0d147
Fixing Travis issues while building
2017-05-21 13:28:29 +02:00
edea515564
Test failed due to hardcoded path
2017-05-21 12:46:10 +02:00
877de6ebd4
Updated XXE lessons with challenge screens
2017-05-21 12:24:42 +02:00
6f0f71b131
Changed XXE lessons to use photo comment example
2017-05-04 06:25:11 +02:00
4a061f61a6
Integrated XXE assigment from CTF to XXE lesson
2017-05-04 02:25:56 +02:00
