dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,653 Commits 11 Branches 78 Tags
ec954046db7af5d5ce9ff9a03ad31843cfb1591a
Commit Graph

572 Commits

Author SHA1 Message Date
Nanne Baars
3ad51e6d6b Rewrite lesson to be self-contained and not depend on the core of WebGoat for fetching users 
Split the assignment into 2 assignments
 2021-11-16 16:32:43 +01:00
Nanne Baars
9e6ed11aa7 Remove link to lesson.css as they belong to the lesson 2021-11-16 16:32:43 +01:00
Nanne Baars
bcaf4485c2 Move css to lesson itself 2021-11-16 16:32:43 +01:00
Nanne Baars
22af35a9a7 Add favicon to WebGoat/WebWolf 2021-11-16 16:32:29 +01:00
Nanne Baars
ad97e2c9a3 Remove activation dependency 2021-10-28 21:19:05 +02:00
Nanne Baars
ff67ee6484 Update to correct version 2021-10-04 14:40:19 +02:00
Nanne Baars
04d1293a33 #1045: Run build with Java 16 2021-09-23 16:09:28 +02:00
Àngel Ollé Blázquez
9af514f3eb WebWolf DataSource Discovery 2021-09-23 15:57:48 +02:00
Àngel Ollé Blázquez
8e567b0f86 Spoofing an Authentication Cookie lesson 2021-09-23 15:51:17 +02:00
Nanne Baars
60bd04b9aa Move to snapshot version 2021-07-29 11:13:16 +03:00
Nanne Baars
a641a19615 Add zip slip to path traversal lesson 2021-05-23 21:18:56 +02:00
Nanne Baars
a91d45dea5 Fix other macros as well 2021-05-23 20:11:23 +02:00
Nanne Baars
69a370f438 New release, updating pom.xml 2021-05-23 20:11:23 +02:00
Nanne Baars
a1071e9c00 Fix return type of asciidoctor macro implementation. 2021-04-23 15:11:56 +02:00
Nanne Baars
e49f5d610f #961: Give each user its own schema for the lessons 
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
 2021-04-16 13:28:07 +02:00
Nanne Baars
b3f7a5338e Update to latest versions 2021-04-03 10:58:22 +02:00
Nanne Baars
23f67b3d25 Remove unknown field which is set by reflection 2021-03-31 19:31:13 +02:00
Nanne Baars
1d6a5ca01b Run unit tests again and rewrite all to JUnit 5 
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
 2021-03-31 19:31:13 +02:00
Nanne Baars
ae6d448aa0 Replace ${revision} with real version as Maven 
The CI pipeline should take care of this.
 2021-03-31 19:31:13 +02:00
webgoat-github
b8bdb8f432 Updating to the new development version 2021-03-30 14:05:26 +00:00
Nanne Baars
ead1d6fffb Bootstrap requires jQuery 2021-03-15 17:48:13 +01:00
Nanne Baars
9b81cb44fa Bootstrap loads now, otherwise dropdown etc does not work 2021-03-15 17:48:13 +01:00
Nanne Baars
142631c7a0 WIP 2021-03-15 17:48:13 +01:00
Maxim Masiutin
ad5ab4ca2e Fixes #321 (#935) 
Copyright year was "20014", replaced to "2014"
Fixed the old github.io URL which no longer exist
See https://github.com/WebGoat/WebGoat/issues/321
 2021-02-18 19:06:11 +01:00
avivmu
74b218b2a7 Use try with resources instead of try (#921) 
* Use try with resources instead of try

* Remove unused lesson

* Remove unused fields
 2021-01-13 18:21:04 +01:00
René Zubcevic
8235ea0f58 Custom menu (#901) 
* added way to customize menu

* fixed unit mock test

* updated release notes

* updated release notes

* default none exclude
 2020-11-27 14:36:57 +01:00
René Zubcevic
6bee0f3fa6 layout of page improved and ordered ranking (#903) 2020-11-27 13:58:58 +01:00
René Zubcevic
574039902d changed version to snapshot version and introduced revision parameter 
for it
 2020-11-27 12:15:19 +01:00
Nanne Baars
f3e3cbd45f Improve navigation bar (#890) 
* Remove Raspberry pi Docker file

* Remove old show-source/solution and plan button

* Remove commented out code

* Improve navigation

* Remove underline from navigation and remove margin of left navigation button

* Make arrow a bit smaller so it aligns a bit better with the navigation bar itself
 2020-11-13 07:24:52 +01:00
Nanne Baars
db3015e0bc When current lesson is not set do not try to remove selected class as there is no element selected. 
The current lesson is now selected correctly so it makes it easier to see which item in the menu is selected
 2020-11-04 21:33:57 +01:00
Nanne Baars
fa9b5ae87d Remove option to hide menu with the lessons 2020-11-04 21:33:57 +01:00
Nanne Baars
36cf028334 Remove blinking navigation buttons 2020-11-04 21:33:57 +01:00
Nanne Baars
39740e069e New release 2020-05-22 14:10:31 +02:00
Nanne Baars
9b72610510 Extend XXE lesson with more content and add solution description 
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
 2020-05-22 10:10:42 +02:00
René Zubcevic
f520c3589c flag submission fixed (#812) 2020-05-07 11:04:00 +02:00
René Zubcevic
832d6432fc fix for JWT green button and WebWolf intro green button and added jwt int tests (#808) 2020-05-07 08:28:45 +02:00
René Zubcevic
9dea696c4c added int test for IDOR and fixed green button issue (#801) 2020-04-29 12:12:11 +02:00
René Zubcevic
2398949396 added ace js for java 2020-04-28 09:33:54 +02:00
Nanne Baars
54610868fe Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
René Zubcevic
88eb4d7b26 ace editor added without all the nonsense around it 2020-04-26 16:45:56 +02:00
Nanne Baars
4f649234a9 Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown 2020-04-19 15:42:50 +02:00
René Zubcevic
089952e9ad quiz fix for CIA, SQL Injection Advanced and XSS + XSS description 
change in alert(document.cookie)
 2020-04-17 15:33:26 +02:00
René Zubcevic
b8abc99faf fix for scoreboard after js refactoring 2020-04-08 12:05:01 +02:00
René Zubcevic
e921fb66a9 actual working version of vulnerable components part 5 2020-04-08 12:05:01 +02:00
René Zubcevic
e25f7a7560 clean up and update js 2020-04-08 12:05:01 +02:00
René Zubcevic
c4153ecbfb Maven owasp dep update (#776) 
* add pmd and owasp dependency check through -P owasp profile

* suppress full stack trace in log

* revert to spring 2.2.0 as 2.2.4 failed in travis

* added owasp dependency check maven configuration details to vulenerable
lesson page 7
 2020-04-06 16:01:09 +02:00
Nanne Baars
3ece45b3d4 Fix for not passing the content-type 2020-03-10 08:03:48 +01:00
Nanne Baars
6b7678fb1d Remove old files 2020-03-10 08:03:48 +01:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
a8118a14cd add support for status 403 feedback from e.g. ModSecurity/CRS 2020-02-28 23:06:42 +01:00