dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
198 Commits 11 Branches 78 Tags
Commit Graph

29 Commits

Author SHA1 Message Date
rogan.dawes
fb76b4916f Unify web.xml files. Also update the webgoat contact email address 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@202 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:42 +00:00
rogan.dawes
002dbbf53c Point the windows config file to use the HSQLDB database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@198 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:11 +00:00
rogan.dawes
c1ddbd078f Correctly specify an in-memory database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@195 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:31 +00:00
rogan.dawes
7af27f7d1b Make per-user in-memory databases actually work 
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:53 +00:00
rogan.dawes
d04371884b Allow WebGoat to create per-user databases 
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:14 +00:00
rogan.dawes
47a7619652 Fixes: Make sure procedures are created in the right scope/user 
Also, create the EMPLOYEE table first, since Oracle checks for it


git-svn-id: http://webgoat.googlecode.com/svn/trunk@176 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:41 +00:00
rogan.dawes
afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@175 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:33 +00:00
rogan.dawes
73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@172 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:32 +00:00
rogan.dawes
bc2faede19 Add a new DBSQLInjection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@171 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:23 +00:00
rogan.dawes
17fe003f2f Add stored procedures for the SQL Injection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@170 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:33 +00:00
rogan.dawes
1bcb2f6539 Add an SQL file to set up the Oracle DB and WebGoat user 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@169 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:23 +00:00
rogan.dawes
2bda4a81f3 Migrate the labs to direct/Random access stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:29 +00:00
mayhew64
25f47916cc Rename CookieCatcher to Catcher 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@121 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-20 19:05:46 +00:00
mayhew64
34fca43216 New Phishing Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@119 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-03-19 17:47:37 +00:00
mayhew64
d8680dcfc3 Removed credit from New Lesson. Removed extra "." from start page 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@115 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-22 01:09:43 +00:00
mayhew64
e748aa0e90 Changed mac_Logo.gif to macadamian.gif. Added forced browsing servlet to the appropriate web.xml files. Enhanced readme files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@109 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-31 15:44:38 +00:00
sherif.fathy
5188039079 fixed a bug with the forced browsing lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@79 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-24 04:25:08 +00:00
mayhew64
dfdfb8bcaf Update info for OWASP build and for Release 5.0 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@62 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 16:03:43 +00:00
mayhew64
8b51818508 Changed remaining contact information to reference an email address I receive (webgoat@g2-inc.com) 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@61 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 18:29:06 +00:00
mayhew64
fd9b60f98e Added some files required to build OWASP release. 
Modified License text and format to reflect GPL license.
Reformatted most of the code.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@60 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 14:56:40 +00:00
mayhew64
05305c0096 replaced by lab properties 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@45 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:40:23 +00:00
mayhew64
159f691b4b Build Procedures 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@42 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-24 13:34:09 +00:00
sherif.fathy
296254e279 This patch contains the HTTP connector that intercepts the requests to the application and tries to communicate with OSG. 
It also contains the DOM Injection lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@35 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-16 22:39:14 +00:00
sherif.fathy
80a2add2d7 - This patch fixes Forced Browsing lesson by removing any custom coding for WebSession and HammerHead.java 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@34 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-04 04:35:04 +00:00
sherif.fathy
99779ea2e9 Add a new lesson "How to add a new lesson" under new category "New Lessons" 
Modified the existing lessons to present the solution in the last hint

git-svn-id: http://webgoat.googlecode.com/svn/trunk@31 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-11 22:41:42 +00:00
sherif.fathy
6a59cd6e6e git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507 2006-11-03 01:14:36 +00:00
sherif.fathy
ca2dfa27d1 * Log spoofing lesson this includes the following file: 
- LogSpoofing.html
  - LogSpoofing.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@27 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-01 02:26:51 +00:00
sherif.fathy
6cc8bed0c7 - Added HTTP lesson together with its lesson plan and goals. 
- Files added:
   HttpSplitting.html
   HttpSplitting.java
   redirect.jsp
- Files Changed:
   webgoat-class.properties
   webgoat-lmc.properties

git-svn-id: http://webgoat.googlecode.com/svn/trunk@23 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-10-08 23:46:34 +00:00
mayhew64
98949c00d8 Moved remotely 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-09-30 13:41:26 +00:00