3fa10c4b10
Update to Java 11
2019-01-15 16:23:03 +01:00
ec225558b9
Move to latest Spring Boot version and move to Java 11
2018-12-15 13:59:54 +01:00
dd1009bc54
Add Maven wrapper
2018-12-14 12:56:21 +01:00
bf45a0a8e5
Fix for XXE docs
2018-12-14 12:43:19 +01:00
f81a6852db
YAML structure fix, postgres version fix
...
The structure of the environment was incorrect. The postgres dialect doesn't match the postgres:latest image.
2018-11-19 08:16:49 +01:00
6699456ee1
Bug fix in sample code
2018-11-19 08:15:41 +01:00
ecbbb5258e
encapsulated the WEBGOAT_HOME in quotes
...
Encapsulating the `WEBGOAT_HOME` variable in quotes allows for spaces to exist in the path
2018-11-19 08:14:29 +01:00
1520c7571f
HTML Tampering Mitigation Description Typo
2018-11-19 08:13:17 +01:00
5921a06747
Fix SQL injection mitigation answer ( fixes #505 )
...
You need to submit the IP of the webgoat-prd server, not just any of the IPs.
2018-11-19 08:12:17 +01:00
b6e4995d11
Fixed Vagrant file
...
- Added correct wget urls for .jar files
- changed server address to 0.0.0.0(pointing to all interfaces) because by default it listens for connections on VM's localhost only but we want to access webgoat on NAT adapter via port forwarding
2018-11-19 08:10:11 +01:00
a2f28460c0
Update password_reset.html
...
Without this attribute it is impossible to pass the lesson "password-reset" `Email functionality with WebWolf`.
2018-11-19 08:08:41 +01:00
0797c3e2bf
Merge pull request #519 from pingiun/patch-1
...
Fix typo
2018-09-13 08:16:11 -07:00
f9a4061604
Fix typo
2018-09-12 09:54:44 +02:00
580e50f558
Same form post is used and with autocomplete this does not work because all fields will be posted. The endpoint could no long distinguish between the different actions (sending e-mail and checking password)
2018-08-10 13:15:40 +02:00
3d58049af6
docker-compose-local.yml now extends docker-compose.yml
...
WebWolf waits for 8 seconds after WebGoat starts so the database connection can be established
2018-08-08 18:26:12 +02:00
bca8b3c650
Fix buildscripts to wait for Docker and build snapshots
2018-08-08 18:23:27 +02:00
1252e3dc21
Update instructions to use docker-compose only
2018-07-17 20:17:35 +02:00
63a50df7a1
Add hint to lesson users no longer have guess the complete ip address
2018-07-06 18:22:29 +02:00
f9e552f1cd
Add instructions how to run WebGoat on Java 9 or higher
2018-07-04 19:15:54 +02:00
2233550fe1
Adding more solutions for SQL order by lesson
2018-06-22 14:12:37 +02:00
cb18295f9f
Update hint
2018-06-21 07:53:21 +02:00
651698d96c
Add different solution for XXE attack
2018-06-21 07:17:27 +02:00
4d7d0058c3
Update how to create a release document
2018-06-20 18:38:16 +02:00
e3fba396de
Merge tag 'v8.0.0.M21' into develop
2018-06-20 18:24:06 +02:00
3536fd0b6d
Merge branch 'release/v8.0.0.M21'
2018-06-20 18:23:59 +02:00
bc84e8f207
Build release when tag is set
2018-06-20 18:22:35 +02:00
14dbd47675
Merge tag 'v8.0.0.M20' into develop
...
New release M20
2018-06-20 18:06:26 +02:00
898dd90c6f
Merge branch 'release/v8.0.0.M20'
2018-06-20 18:06:17 +02:00
ac12a009e4
New release v8.0.0.M20
2018-06-20 18:05:59 +02:00
699b1bfd89
Only do releases and Docker updates when building master
2018-06-20 18:05:06 +02:00
ad77a7ab24
Merge tag 'v8.0.0.M19' into develop
...
New release M19
2018-06-20 16:40:44 +02:00
b7278590f5
Merge branch 'release/v8.0.0.M19'
2018-06-20 16:40:33 +02:00
9dd93d88d9
New release v8.0.0.M19
2018-06-20 16:40:28 +02:00
4c767cb977
Merge tag 'v8.0.0.M18' into develop
...
New release
2018-06-20 16:32:44 +02:00
12123ef13b
Merge branch 'release/v8.0.0.M18'
2018-06-20 16:32:31 +02:00
c7da546249
Improve text for lesson about CSRF login
2018-06-16 17:52:18 +02:00
a41ff0083c
Merge pull request #479 from misfir3/develop
...
Recent updates, including Missing Function AC content & patch for Vuln Components Lesson
2018-06-13 18:44:09 -06:00
701a99cf8f
Merge pull request #487 from matthias-g/xssFixes
...
Small lesson improvements
2018-06-13 18:42:14 -06:00
844808bfa7
Merge pull request #485 from matthias-g/fixSQLInjection
...
Fix sql injection
2018-06-13 18:41:05 -06:00
81aac93dfe
Usage base64 encoded password as expected by JJWT
2018-06-13 17:58:52 +02:00
e5ec2c1ee0
Fix html attribute
2018-06-13 17:56:57 +02:00
b0fbeaff2c
This improves the text of the lesson about XSS
2018-06-13 17:56:23 +02:00
b47bb96534
Update changed password in tests
2018-06-13 16:11:28 +02:00
3b9b695ef1
Check host header instead of origin which might not be present #475
2018-06-13 11:38:33 +02:00
1d2575a211
Allow - in usernames because CSRF lesson requires username starting with prefix crsf- #476
2018-06-13 11:38:33 +02:00
56fc983414
Update database layout so that proposed solution works
2018-06-12 17:40:28 +02:00
268adbcf7e
Move assignments to correct package so that hints are shown
2018-06-12 17:40:28 +02:00
f383454440
Fix spelling in JWT lesson
2018-06-12 11:02:51 +02:00
bae3e75ae2
Fix minor issues in hint view
2018-06-12 11:02:16 +02:00
a7b82985d4
Fix usage of JJWT API which expects base64 encoded strings as key
2018-06-12 11:01:23 +02:00
