49c3008fe2
Typo fix for CSRF content
2017-10-13 10:33:38 -06:00
9e66ee177d
Image Cleanup for Http Proxies
2017-10-13 10:13:07 -06:00
f9a43d0961
xss updates
2017-10-13 09:52:19 -06:00
8d488c6ac6
More CSRF Updates
2017-10-13 09:28:41 -06:00
b03a32f92c
update to do CSRF-based comment forging
2017-10-12 18:17:48 -06:00
d0ec84e9a6
Merge remote-tracking branch 'upstream/develop' into develop
2017-10-11 20:29:47 -06:00
b156d81535
Initial cut on CSRF. More to come
2017-10-11 20:06:57 -06:00
5033c3661a
Cleaning up test case logging
2017-10-08 02:07:22 +02:00
8a982dedb5
Updated XXE lesson so it also uses WebWolf
2017-10-07 13:46:34 +02:00
46c536554c
- Added new challenges
...
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
2017-09-12 23:12:10 +02:00
ec2ab55749
fixing test directory structure
2017-08-09 00:24:04 -06:00
2463f534b5
Formatting and bumping file in test dir
2017-08-09 00:19:34 -06:00
8f740ace73
additional tests, one fix
2017-08-08 23:56:43 -06:00
476ab415a4
More tests for AC lesson
2017-08-08 18:47:49 -06:00
b8d17a1cfd
Basic endpoint tests added
2017-08-08 18:06:18 -06:00
b41751a55c
missing function level ac working again ... after VM implosion
2017-08-08 17:15:20 -06:00
8df1d53471
interim missing function ac commit, traversing dev. env.
2017-08-08 09:28:09 -06:00
06bf690a3a
Merge remote-tracking branch 'upstream/develop' into develop
2017-08-02 19:12:29 -04:00
10e5edbc36
temp. removal of offending UT
2017-08-02 19:06:55 -04:00
b06fb72a74
Fixed typo
2017-07-25 17:41:37 +02:00
f1a104f0ab
merging missing function-level-ac lesson
2017-07-25 09:44:10 -04:00
8186bd4766
css and xss updates
2017-07-24 18:05:57 -04:00
c44186f986
start of missing function ac lesson
2017-07-24 16:26:23 -04:00
fc05a68ef7
update to IDOR hints
2017-07-19 16:00:10 -04:00
9e1e4c1d2a
Merge remote-tracking branch 'upstream/develop' into auth-bypass
2017-07-19 08:58:24 -04:00
b57cfd06b1
Started testing. Having issues, but commiting stubs and making ticket to return
2017-07-19 08:56:48 -04:00
89bfc3f12d
fixing image
2017-07-18 17:54:50 -04:00
9b643728f8
verify account assignment hints
2017-07-18 17:48:57 -04:00
0cb4faf15f
refactor to support cleaner scoping && success and failure callbacks
2017-07-18 17:39:58 -04:00
ce7c271bb5
initial cut on auth-bypass lesson
2017-07-18 15:59:46 -04:00
cac1fb17e4
minor update to getting started file
...
Updating Base Class section/description
2017-07-12 16:59:13 -04:00
82ef171a50
XSS Lesson Modifications ( #367 )
...
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
2017-07-10 08:33:10 -04:00
921561cf32
mitigation content update ... 2
2017-06-27 11:33:39 -04:00
ebb851b361
mitigation content update
2017-06-27 11:28:16 -04:00
296723508b
IDOR hints updated
2017-06-27 10:26:22 -04:00
dd18e68660
merge of upstream, conflict resolution
2017-06-27 08:30:58 -04:00
3a9bb946ed
update for XXE solutions
2017-06-27 08:27:06 -04:00
3ec5b8708e
clean up of unneeded stuff in pom
2017-06-23 14:46:40 -04:00
ccb4e3813b
#353 - lesson template/guide
2017-06-23 14:46:09 -04:00
edceba73fe
- Added testcases for bypassing frontend validation.
...
- Improved layout of the lesson
- Fixed JavaScript issues with 'let'
2017-06-16 01:16:31 +02:00
bf210de013
Added testcase for SQL lesson 6b
2017-06-16 00:33:02 +02:00
e808abd504
Added testcase for SQL lesson 6a
2017-06-16 00:23:40 +02:00
f1fd214580
Added more testcases for the SQL lesson 12
2017-06-15 23:49:03 +02:00
7809057208
Enabled the challenges again to make them visible for everybody who starts WebGoat
2017-06-15 23:38:04 +02:00
36ad73c800
Added more mitigations for XXE
2017-06-15 23:36:51 +02:00
a484467419
Adding extra lesson for order by clauses
2017-06-15 19:08:19 +02:00
ee912f734b
Added SQL injection from challenge to lesson and added content for a blind sql injection
2017-06-15 19:08:19 +02:00
0740c4ba95
Split large SQL lesson
2017-06-15 19:08:19 +02:00
b048988d2f
Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page.
...
Moved the lessons concerning client side validation to client side category
2017-06-13 03:22:19 +02:00
09d8fef50e
Merge branch 'develop' of github.com:WebGoat/WebGoat into develop
2017-06-12 20:02:30 +02:00
