dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,208 Commits 11 Branches 78 Tags
Commit Graph

224 Commits

Author SHA1 Message Date
Nanne Baars
dceb375d5e WIP 2019-09-13 18:57:40 +02:00
Nanne Baars
361249c666 First attempt at moving to Spring Boot 2 2019-09-12 17:22:03 +02:00
Nanne Baars
2283f945a9 Fix failing configuration 2019-08-25 17:53:36 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00
TortugaAttack
f0d1555a09 Fixed #45 - multiple tracker for one user fixed 2019-08-21 23:38:27 +02:00
Nanne Baars
e61c943f97 #601 bug: username is case sensitive, but email in general is not 
Opted for completing remove support for uppercase letters in username
this way we never come across issued with casing in WebGoat
 2019-07-28 20:48:20 +02:00
René Zubcevic
ae674b9297
Merge pull request #620 from zubcevic/july2019-bugfixes 
increased sql form fields and fixed chrome progress
 2019-07-25 08:39:34 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
Rene Zubcevic
ea38973068 UTF-8 config added for ThymeLeaf 2019-07-22 08:21:34 +02:00
Rene Zubcevic
63a1097466 owasp categories 2019-07-14 12:38:11 +02:00
Rene Zubcevic
e57c9d05b6 added checkbox and corrected fall back for the other labels 2019-04-21 14:10:01 +02:00
Max Geldner
b02a01d35e squash 2019-03-26 08:43:38 +01:00
Max Geldner
6d974b5fa8 Fixed lesson sorting issue 2019-03-26 08:43:38 +01:00
Benedikt - Desktop
1bcddaf710 Reworked and polished assignment 8 and 9 (C and I) 2019-03-26 08:43:38 +01:00
Benedikt - Desktop
6fe7582dfb Added an assignment for compromising availability to the sql injections (introduction). 
WIP
 2019-03-26 08:43:38 +01:00
Benedikt - Desktop
75b1895122 Added a new lessons for sql injections on "Compromising confidentiality with String SQL Injection" 2019-03-26 08:43:38 +01:00
Rene Zubcevic
6e36cc1ea4 removed unnecessary interceptors 2019-03-26 08:37:47 +01:00
Rene Zubcevic
1c2648e0a9 disable the fallback to the system locale to fix unit test and establish the desired behaviour 2019-03-26 08:37:47 +01:00
Nanne Baars
ed490a5ecf Fix for #545 
Introduced new macro to make a clear distinction between /WebWolf with
context root and without.
 2019-01-16 11:07:30 +01:00
misfir3
844808bfa7
Merge pull request #485 from matthias-g/fixSQLInjection 
Fix sql injection
 2018-06-13 18:41:05 -06:00
Matthias Grundmann
1d2575a211 Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476 2018-06-13 11:38:33 +02:00
Matthias Grundmann
56fc983414
Update database layout so that proposed solution works 2018-06-12 17:40:28 +02:00
Nanne Baars
fc2c99bcb4 Limit the username to letters and digits only 2018-05-29 16:16:52 +02:00
Nanne Baars
60ef35e241 Working lesson 2018-05-23 14:28:19 +02:00
Nanne Baars
9d7886d572 More JWT work 2018-05-23 14:28:19 +02:00
Nanne Baars
ea9c1a453d Initial version for JWT 2018-05-23 14:28:19 +02:00
Jose Selvi
84860e65f6 Insecure Deserialization exercise 2018-05-23 13:58:03 +02:00
Nanne Baars
8050a2b56d XXE lesson not showing correct link for WebWolf 2018-05-01 21:54:28 +02:00
Nanne Baars
e4ca0c4836 Make report working again 2018-04-27 19:26:01 +02:00
Nanne Baars
e422da4c64 Polling for lesson updates (updates the menu and page navigation) 2018-04-27 18:50:13 +02:00
Nanne Baars
245ba2c3d1 Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson. 2018-04-24 20:44:05 +02:00
Nanne Baars
672d78eebc Resource bundle in UTF-8 2018-04-23 16:12:50 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
nbaars
ee11381a63 Fixed database issue mappings 2018-01-21 17:13:28 +01:00
nbaars
2cc6c232e2 Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration 2018-01-15 20:56:59 +01:00
nbaars
a6b9235711 SQL Error '-104' in XSS Lesson Page 7 #416 2018-01-10 12:48:45 +01:00
nbaars
c6e86861fe Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. 2017-12-29 22:12:21 +01:00
nbaars
dd7f4074cd Added encoding for asciidoc 2017-12-28 00:16:16 +01:00
Nanne Baars
43b82027f5 Added more content for CSRF lesson 2017-11-22 01:34:05 +01:00
Nanne Baars
5eed385d5d When an adoc file cannot be found the complete lesson crashed, made it failsafe with a logging statement. 2017-11-17 07:08:24 +01:00
Nanne Baars
fc1353b2f1 Pom cleanup 2017-11-02 16:14:44 +01:00
Nanne Baars
3ee1a1ca16 Travis now builds Docker and create a Github release. 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
 2017-10-18 10:54:16 +02:00
Jason White
d0ec84e9a6 Merge remote-tracking branch 'upstream/develop' into develop 2017-10-11 20:29:47 -06:00
Jason White
b156d81535 Initial cut on CSRF. More to come 2017-10-11 20:06:57 -06:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Jason White
b41751a55c missing function level ac working again ... after VM implosion 2017-08-08 17:15:20 -06:00
Jason White
8df1d53471 interim missing function ac commit, traversing dev. env. 2017-08-08 09:28:09 -06:00
Jason White
c44186f986 start of missing function ac lesson 2017-07-24 16:26:23 -04:00
Jason White
dce962bdeb Updating Category ordering, closer to T10 2017-07-19 15:54:50 -04:00
Jason White
ccb4e3813b #353 - lesson template/guide 2017-06-23 14:46:09 -04:00