Commit Graph

  • 0fd704bb54 Merge pull request #392 from misfir3/develop misfir3 2017-10-13 10:18:33 -06:00
  • 9e66ee177d Image Cleanup for Http Proxies Jason White 2017-10-13 10:13:07 -06:00
  • 09742323b3 Merge pull request #391 from misfir3/develop misfir3 2017-10-13 09:56:22 -06:00
  • 4e7034f6c1 Merge pull request #390 from misfir3/develop misfir3 2017-10-13 09:52:41 -06:00
  • f9a43d0961 xss updates Jason White 2017-10-13 09:52:19 -06:00
  • 8d488c6ac6 More CSRF Updates Jason White 2017-10-13 09:28:41 -06:00
  • b03a32f92c update to do CSRF-based comment forging Jason White 2017-10-12 18:17:48 -06:00
  • d0ec84e9a6 Merge remote-tracking branch 'upstream/develop' into develop Jason White 2017-10-11 20:29:47 -06:00
  • 17e122b914 adding .DS_Store to .gitignore Jason White 2017-10-11 20:28:36 -06:00
  • b156d81535 Initial cut on CSRF. More to come Jason White 2017-10-11 20:06:57 -06:00
  • 5033c3661a Cleaning up test case logging Nanne Baars 2017-10-08 02:07:22 +02:00
  • 6cb526aa43 Maven build generates too much output for Travis CI Nanne Baars 2017-10-08 01:58:03 +02:00
  • 14b188597a Maven build generates too much output for Travis CI Nanne Baars 2017-10-07 19:27:53 +02:00
  • 8a982dedb5 Updated XXE lesson so it also uses WebWolf Nanne Baars 2017-10-07 13:46:34 +02:00
  • 94caba7eb1 Landing page incoming requests now look whether the referer is WebGoat (all incoming requests from WebGoat will now be logged) Nanne Baars 2017-09-13 00:22:52 +02:00
  • 109fe2c438 Added WebWolf to Docker Nanne Baars 2017-09-12 23:44:32 +02:00
  • 46c536554c - Added new challenges - Added new web application called WebWolf to make attacks more realistic - Added WebWolf lesson to explain the concepts behind this new application Nanne Baars 2017-08-13 11:22:52 +02:00
  • 56f19caed6 #380 Download mongodb while building the Docker image. If you are behind a proxy (or no connection) during the start of WebGoat you might not be able to download the mongodb binary. Nanne Baars 2017-08-15 08:15:44 +02:00
  • 6a440a93c0 Merge pull request #379 from misfir3/missing-function-level-ac misfir3 2017-08-09 00:29:31 -06:00
  • ec2ab55749 fixing test directory structure Jason White 2017-08-09 00:24:04 -06:00
  • 2463f534b5 Formatting and bumping file in test dir Jason White 2017-08-09 00:19:34 -06:00
  • 51c9363162 Merge pull request #378 from misfir3/missing-function-level-ac misfir3 2017-08-09 00:10:22 -06:00
  • 8f740ace73 additional tests, one fix Jason White 2017-08-08 23:56:43 -06:00
  • 476ab415a4 More tests for AC lesson Jason White 2017-08-08 18:47:49 -06:00
  • b8d17a1cfd Basic endpoint tests added Jason White 2017-08-08 18:06:18 -06:00
  • b41751a55c missing function level ac working again ... after VM implosion Jason White 2017-08-08 17:15:20 -06:00
  • 8df1d53471 interim missing function ac commit, traversing dev. env. Jason White 2017-08-08 09:28:09 -06:00
  • 06bf690a3a Merge remote-tracking branch 'upstream/develop' into develop Jason White 2017-08-02 19:12:29 -04:00
  • 10e5edbc36 temp. removal of offending UT Jason White 2017-08-02 19:06:55 -04:00
  • 49621c637f Upgraded to latest in memory MongoDB (due to download link no longer working) Nanne Baars 2017-07-26 05:07:15 +02:00
  • 0b92a57f77 WebGoat no longer runs as root in the Docker container. Nanne Baars 2017-07-26 05:06:40 +02:00
  • b06fb72a74 Fixed typo Nanne Baars 2017-07-25 17:40:55 +02:00
  • f1a104f0ab merging missing function-level-ac lesson Jason White 2017-07-25 09:44:10 -04:00
  • 8186bd4766 css and xss updates Jason White 2017-07-24 18:05:57 -04:00
  • c44186f986 start of missing function ac lesson Jason White 2017-07-24 16:26:23 -04:00
  • ca4b0c06b5 lesson css file Jason White 2017-07-24 11:34:10 -04:00
  • c87f75ed18 Merge pull request #375 from misfir3/develop misfir3 2017-07-19 16:45:38 -04:00
  • fc05a68ef7 update to IDOR hints Jason White 2017-07-19 16:00:10 -04:00
  • dce962bdeb Updating Category ordering, closer to T10 Jason White 2017-07-19 15:54:50 -04:00
  • 8a2499c56a Update to README.MD (#372) Paul Moreno 2017-07-19 15:55:10 +02:00
  • 9e1e4c1d2a Merge remote-tracking branch 'upstream/develop' into auth-bypass Jason White 2017-07-19 08:58:24 -04:00
  • b57cfd06b1 Started testing. Having issues, but committing stubs and making ticket to return Jason White 2017-07-19 08:56:48 -04:00
  • 89bfc3f12d fixing image Jason White 2017-07-18 17:54:50 -04:00
  • 9b643728f8 verify account assignment hints Jason White 2017-07-18 17:48:57 -04:00
  • 0cb4faf15f refactor to support cleaner scoping && success and failure callbacks Jason White 2017-07-18 17:39:58 -04:00
  • ce7c271bb5 initial cut on auth-bypass lesson Jason White 2017-07-18 15:59:46 -04:00
  • cac1fb17e4 minor update to getting started file misfir3 2017-07-12 16:59:13 -04:00
  • bf06d645a1 Merge remote-tracking branch 'upstream/develop' into develop Jason White 2017-07-10 10:18:12 -04:00
  • 10481cb63d lesson overview updates (#369) misfir3 2017-07-10 08:33:28 -04:00
  • 82ef171a50 XSS Lesson Modifications (#367) misfir3 2017-07-10 08:33:10 -04:00
  • fb65534355 Merging from 'injection-updates' into local develop branch Jason White 2017-07-03 15:22:02 -04:00
  • 2e4e4ea716 including restart lesson fix for lesson overview Jason White 2017-07-03 12:37:15 -04:00
  • daaf361dd2 Lesson Overview updates Jason White 2017-07-03 12:14:01 -04:00
  • 921561cf32 mitigation content update ... 2 Jason White 2017-06-27 11:33:39 -04:00
  • ebb851b361 mitigation content update Jason White 2017-06-27 11:28:16 -04:00
  • 296723508b IDOR hints updated Jason White 2017-06-27 10:26:22 -04:00
  • 89e2fc109c Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR Jason White 2017-06-27 10:24:38 -04:00
  • dd18e68660 merge of upstream, conflict resolution Jason White 2017-06-27 08:30:58 -04:00
  • 3a9bb946ed update for XXE solutions Jason White 2017-06-27 08:27:06 -04:00
  • 3ec5b8708e clean up of unneeded stuff in pom Jason White 2017-06-23 14:46:40 -04:00
  • ccb4e3813b #353 - lesson template/guide Jason White 2017-06-23 14:46:09 -04:00
  • b304dbb552 Changed to develop for coverage Nanne Baars 2017-06-20 09:44:12 +02:00
  • edceba73fe - Added testcases for bypassing frontend validation. - Improved layout of the lesson - Fixed JavaScript issues with 'let' Nanne Baars 2017-06-16 01:16:31 +02:00
  • bf210de013 Added testcase for SQL lesson 6b Nanne Baars 2017-06-16 00:33:02 +02:00
  • e808abd504 Added testcase for SQL lesson 6a Nanne Baars 2017-06-16 00:23:40 +02:00
  • f1fd214580 Added more testcases for the SQL lesson 12 Nanne Baars 2017-06-15 23:49:03 +02:00
  • 7809057208 Enabled the challenges again to make them visible for everybody who starts WebGoat Nanne Baars 2017-06-15 23:38:04 +02:00
  • 36ad73c800 Added more mitigations for XXE Nanne Baars 2017-06-15 23:36:51 +02:00
  • e9ad20cb30 Make sure we clean all the files below the .webgoat dir Nanne Baars 2017-06-15 19:06:50 +02:00
  • a484467419 Adding extra lesson for order by clauses Nanne Baars 2017-06-15 19:02:51 +02:00
  • ee912f734b Added SQL injection from challenge to lesson and added content for a blind sql injection Nanne Baars 2017-06-13 06:43:03 +02:00
  • 0740c4ba95 Split large SQL lesson Nanne Baars 2017-06-11 22:12:53 +02:00
  • b048988d2f Changed layout of the html tampering lesson and fixed some JavaScript issues. Added a small mitigation page. Moved the lessons concerning client side validation to client side category Nanne Baars 2017-06-13 03:22:19 +02:00
  • 09d8fef50e Merge branch 'develop' of github.com:WebGoat/WebGoat into develop Nanne Baars 2017-06-12 20:02:30 +02:00
  • 870fa000aa bypass front-end restrictions (javascript validation) Michal Smolík 2017-06-02 16:34:20 +02:00
  • 01421ca822 html restrictions lesson Michal Smolík 2017-06-02 16:32:10 +02:00
  • 007cdaa0d8 insecure login lesson Michal Smolík 2017-06-02 16:30:19 +02:00
  • 99f75a835c #359 Fixed Nanne Baars 2017-06-12 20:02:21 +02:00
  • 52a48df70c XXE successfully completed message was no longer shown, fixed it by using form POST together with customjs functions. Introduced callback functionality which you can specify after the posting in order to be able to load the comments list again. Nanne Baars 2017-06-12 15:08:55 +02:00
  • 19a4859e4f Fix hint not being displayed correctly due to missing escaping Nanne Baars 2017-06-12 13:03:14 +02:00
  • 06a3f5d189 http-proxies updates Jason White 2017-06-09 15:33:21 -04:00
  • 2305d355c7 isEncoded and isNotEncoded Unit Tests added Jason White 2017-05-25 19:36:02 -04:00
  • 31548b9c57 Additional Unit Testing Jason White 2017-05-24 17:12:28 -04:00
  • e733131241 Stubs for security unit test Jason White 2017-05-24 13:12:36 -04:00
  • a9e5dd645d comment, clean up Jason White 2017-05-22 20:10:03 -04:00
  • 129e9deba9 Added testcase for SQL injection lesson Nanne Baars 2017-05-21 16:40:52 +02:00
  • 9f12da1434 Changed e-mail address Nanne Baars 2017-05-21 14:44:33 +02:00
  • 13a2661cb2 modifications to README for GKE-Docker Nicholas J. Parks 2017-05-06 16:10:19 -04:00
  • 2729486c24 make sure there are new lines at the end of these files Nicholas J. Parks 2017-04-28 11:50:27 -04:00
  • 9990023d98 A Whole bunch of readme edits Nicholas J. Parks 2017-04-25 08:53:21 -04:00
  • a10d926859 Misc Text updates Nicholas J. Parks 2017-04-22 22:37:31 -04:00
  • 8c0abe06b8 Horrible Murican! Grammar and spelling… Nicholas J. Parks 2017-04-22 22:21:35 -04:00
  • 6206aa84b2 Markdown Nicholas J. Parks 2017-04-22 22:19:39 -04:00
  • 086e674bf4 A Whole bunch of readme Nicholas J. Parks 2017-04-22 22:13:27 -04:00
  • 70625ff5a2 Add Google Cloud Platform Initial Seed Items Nicholas J. Parks 2017-04-22 21:31:37 -04:00
  • fedd2b1be6 arbitrary difference between code commit and GitHub…really arbitrary Nicholas J. Parks 2017-04-22 14:48:53 -04:00
  • 284c05ee29 change to use GitHub instead of code commit Nicholas J. Parks 2017-04-22 14:33:50 -04:00
  • c3d18d5582 initial add of cloudformation for platform seeding purposes Nicholas J. Parks 2017-04-22 14:22:41 -04:00
  • fbb389a7b4 Updated the instructions for running on Docker Ryan Canty 2017-05-05 13:43:09 -07:00
  • 0ad1f0d147 Fixing Travis issues while building Nanne Baars 2017-05-21 13:28:29 +02:00