chuck@securityfoundry.com
1c02094545
Added 3 new lessons. Some strings are in the properties files, but not all. Modified CreateDB.java in order to create a new salaries table used by the new SQL injection lessons.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@390 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-30 04:53:19 +00:00
mjawurek
1dc6c799a7
A first attempt at internationalization of WebGoat. For complete internationalization WebGoat needs two things:
1. Every text passage/label that appears in lessons must be independent of the current language set for WebGoat.
2. Every lesson plan and solutions must be translated for each supported language.
Number 1 is achieved by using webgoat/util/WebgoatI18N.java and by having every output routed through this piece of code. You no longer say hints.add("Lesson Hint 1"); or ....addElement("Shopping Cart")) but in the lesson you say hints.add(WebGoatI18N.get("Lesson Hint1")) or ....addElement(WebGoatI18N.get("Shopping Cart"). Then WebGoatI18N looks up the corresponding string for the language set as the current language and returns it.
Number 2 is achieved by having subdirectories in lesson_plans corresponding to every language. That means, a lesson that has been translated to Spanish and German will be found in lesson_plans/English and lesson_plans/Spanish and lesson_plans/German.
This is how WebGoat finds out about available languages: in Course.java in loadResources() it looks for lesson plans.
Unlike before, now a lesson plan can be found multiple times in different "language" directories. So for every directory the lesson plan is found in, WebGoat associates this language with the lesson and also lets WebGoatI18N load the appropriate WebGoatLabels_$LANGUAGE$.properties file which contains the translations of labels.
So this is what you have to do for a new language:
First of all, you have to copy and translate every lesson plan that you need in the new language, and then you also have to create a WebGoatLabels_$LANGUAGE$.properties file with the labels that will be used in these lessons. Atm WebGoat crashes (throws an exception) when a label is missing but this can be sorted out quickly.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@389 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-26 15:58:15 +00:00
mayhew64@gmail.com
59abed1dde
Malcode samples - need to turn into lessons
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@388 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-26 11:24:12 +00:00
cam.morris
c3fe7cece9
Including one small documentation change: giving credit to Sherif Koussa's original CSRF lesson
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@387 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:29:42 +00:00
cam.morris
d2a6a2b272
This change includes two additional CSRF lessons. One for
by-passing a prompt (showing why prompts don't work). The second for
by-passing CSRF tokens when XSS exists.
It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:23:17 +00:00
chuck@securityfoundry.com
b4af6471b1
Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library).
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@385 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 04:30:00 +00:00
chuck@securityfoundry.com
4f3892a0b6
Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix some build errors.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@384 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 03:56:46 +00:00
ch.ko123
c1af5e86b0
initial version of pom.xml
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@383 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-12 21:06:55 +00:00
ch.ko123
e3af09e500
infos to dependencies
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@382 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 15:19:25 +00:00
ch.ko123
94378680ca
replaced jars with versions from maven repo to prepare migration
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@381 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 13:47:42 +00:00
ch.ko123
62bc77cbe7
replaced jars with versions from maven repo to prepare migration
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@380 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 11:07:01 +00:00
ch.ko123
de18bc56d2
replaced axis jars with versions from maven repo; removed catalina.jar no longer needed
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@379 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-10 23:39:11 +00:00
ch.ko123
215caee8be
fixed typo (Issue 29) - test commit
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@378 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-07 21:15:11 +00:00
mayhew64@gmail.com
4897249cb8
5.3 Logo
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@377 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-04 13:06:48 +00:00
mayhew64
976671949e
Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@376 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 18:16:51 +00:00
mayhew64
b63d0a6886
Changed the class build.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@375 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:56:48 +00:00
mayhew64
3cf801f58f
Removed errors introduced in previous checkin. String and integer conflicts in JSP
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@374 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:55:27 +00:00
soylentmean
b8c1d13e50
Lots of wording changes and HTML fixes.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@373 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 21:06:42 +00:00
soylentmean
8a372baa01
Fixing wording a smidge.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@372 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 20:19:22 +00:00
mayhew64
01b845beb9
Changes by Chris Roe to fix lesson issues with Firefox.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@371 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-17 13:06:29 +00:00
soylentmean
7a55b7e02f
fixed a typo
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@370 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 21:15:20 +00:00
soylentmean
711097a340
Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues.
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect. If I'm mistaken on that, feel free to revert that part of the explanation.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@369 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 20:04:15 +00:00
mayhew64
696550ccb0
Minor syntax issue with the word prename in the instructions - reported by April King
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@368 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-10 23:52:04 +00:00
mayhew64
7998e60f29
Removed hardcoded webgoat path for URLs
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 16:57:23 +00:00
mayhew64
c0d2d13e5a
Reported by dwpoon, Yesterday (17 hours ago)
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson. This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html
Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 12:57:14 +00:00
mayhew64
3412f1e984
Contribution by Kristian Erik Hermansen. Fixed to work with 1.6
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@365 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-09-09 15:32:23 +00:00
brandon.devries
5854b66614
minor bug fixes and enhancements, including proper dollar value formatting
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-14 14:31:17 +00:00
brandon.devries
71e53c1ffb
removing unused folder
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@363 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-14 12:56:14 +00:00
brandon.devries
a185de3fa0
minor changes and improving display issues
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@362 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-12 17:36:30 +00:00
brandon.devries
775fdad7c4
some cleanup, and removing unneeded ClassNotFoundExceptions
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@361 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-12 14:33:22 +00:00
brandon.devries
9c84df3d6c
corrected spelling and some formatting
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@360 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-11 14:39:09 +00:00
brandon.devries
17af39e428
Formatting according to OWASP WebGoat Java Style
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@359 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-05 17:32:17 +00:00
mayhew64
7918037066
Removed build.xml
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@358 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-12 16:14:06 +00:00
mayhew64
95c57ea521
Removed windows and changed to developer
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@357 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-12 16:05:17 +00:00
mayhew64
7c8dcc37fb
Logos that slipped through
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@356 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-12 16:04:22 +00:00
mayhew64
8f06b0197b
Smaller eclipse workspace
Changed workspace name to reflect WebGoat
Added the video solutions link
Update readme to reflect contributions and new stuff
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@355 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-12 15:40:13 +00:00
sherif.fathy
581151f166
Actually, I think the problem was happening because the lesson was returning the lesson HTML again in case of incorrect key to eval was throwing an error trying to evaluate a whole bunch of HTML. Fixed this by catching the exception and showing an appropriate message.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@354 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-12 05:56:41 +00:00
mayhew64
084c43381b
Added bug report
Added message for missing solutions
Minor edits to lesson plans
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@353 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-11 00:05:05 +00:00
mayhew64
536d29e78a
Minor wording changes
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@352 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-09 00:25:02 +00:00
mayhew64
d590f7deb2
Minor wording edits
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@351 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-09 00:21:32 +00:00
mayhew64
71460125b6
Separated DB usage for messages in CSRF and Stored XSS
Many cosmetic English changes
Fixed IE rendering for Challenge
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@350 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-09 00:17:20 +00:00
mayhew64
29f0222258
Minor 5.2 changes.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@349 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-05-13 03:44:40 +00:00
mayhew64
6598829155
Added doc directory back into main project root. Build script moves doc to webcontent.
Changed how to work with WebGoat picture to have original buttons
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@348 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-05-12 14:22:33 +00:00
mayhew64
40ee15bcaa
Alphabetized categories
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@347 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-05-12 13:10:17 +00:00
mayhew64
ba26dd3a84
Reorder categories to be alphabetized
Changed unvalidated input to parameter tampering
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@346 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-22 16:45:29 +00:00
mayhew64
cabc905d4b
5.2 Credits
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@345 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-22 15:38:21 +00:00
mayhew64
2dd882a9a8
Minor fixes
removed many System.out.printlns
delete extra solutions directory - wrong location
added 5.2 credits
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@344 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-22 15:34:54 +00:00
mayhew64
7f034fa3f9
No Changes - SVN Test
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@343 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-22 12:01:21 +00:00
wirth.marcel
3e1d124434
Text edited
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@342 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-18 08:41:02 +00:00
wirth.marcel
decc426267
Minor changes... Tan gets now only updated after it was correct
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@341 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-18 08:38:51 +00:00