dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 6834cac8fa Commented out console debugging output mayhew64 2008-01-10 12:57:39 +00:00
  • 8e83229be8 Show solution button graphics mayhew64 2008-01-10 12:52:37 +00:00
  • 97a1291648 Java mail APIs for unchecked email lesson mayhew64 2008-01-10 12:50:27 +00:00
  • d8f7ce2a4f Add a link to the WSDL file in the 3rd stage of SOAPRequest rogan.dawes 2008-01-10 10:52:02 +00:00
  • 1b6789304c Fix a hint to refer to the right field rogan.dawes 2008-01-10 10:51:43 +00:00
  • 8d85b2da23 Change UpdateProfile to always use a PreparedStatement, to avoid SQL Injection attacks rogan.dawes 2008-01-10 10:49:12 +00:00
  • f78d70a8e7 Only mark Stage 1 complete when someone else views the exploit rogan.dawes 2008-01-10 10:48:30 +00:00
  • dd6a893f28 minor changes rogan.dawes 2008-01-10 10:48:01 +00:00
  • 489bff08f8 cleaning up a bit rogan.dawes 2008-01-10 10:47:33 +00:00
  • 457a868113 adding XHR lesson rogan.dawes 2008-01-10 10:46:57 +00:00
  • 4066296d30 changing name of lesson rogan.dawes 2008-01-10 10:46:18 +00:00
  • b3591580a9 clarifying instructions and importing a .js rogan.dawes 2008-01-10 10:45:44 +00:00
  • dc3ad6453d adding backup files rogan.dawes 2008-01-10 10:45:23 +00:00
  • f27dae0773 changing location of RegexMatch.dll rogan.dawes 2008-01-10 10:45:07 +00:00
  • 8e1fb2caa3 added console debugging line rogan.dawes 2008-01-10 10:44:56 +00:00
  • 2bb4df8ef1 added console debugging line rogan.dawes 2008-01-10 10:44:43 +00:00
  • ebfcd02a9f updating AJAX lesson plans rogan.dawes 2008-01-10 10:44:27 +00:00
  • a84d0e951d making ajax impovements rogan.dawes 2008-01-10 10:44:09 +00:00
  • a8c87e0704 Move the SQL Server instructions into a single file rogan.dawes 2008-01-10 10:14:46 +00:00
  • 1621a39e35 Provide an example of how to override the default setting using environment variables rogan.dawes 2008-01-10 10:14:30 +00:00
  • 12554493cd Change the default Oracle password back to webgoat (no _) rogan.dawes 2008-01-10 10:14:27 +00:00
  • 71330946f4 Make it possible to override WebGoat context settings via environment variables rogan.dawes 2008-01-10 10:14:17 +00:00
  • c31ef90a3d Allow overriding of the WebGoat context setting via environment variables rogan.dawes 2008-01-10 10:14:06 +00:00
  • 36b32849df Add support for MS SQL Server in the DB Labs rogan.dawes 2008-01-10 10:13:52 +00:00
  • 900a222316 Change the default webgoat password rogan.dawes 2008-01-10 10:13:21 +00:00
  • cb2a3784b6 Change DBSQLInjection lesson to count the matched rows rogan.dawes 2008-01-10 10:13:13 +00:00
  • 0149a699a3 minor bug fixes. rogan.dawes 2008-01-10 10:12:44 +00:00
  • 1ce614f733 Merge with major changes made by Aspect rogan.dawes 2008-01-10 10:12:31 +00:00
  • 137b7c813c several minor bug fixes. rogan.dawes 2008-01-10 10:11:50 +00:00
  • 6c9c53b938 Remove some unused imports rogan.dawes 2008-01-10 10:11:27 +00:00
  • c3cee22113 Fix database connetion handling. rogan.dawes 2008-01-10 10:11:12 +00:00
  • aab0125c50 Synchronize access to the DatabaseUtilities core methods rogan.dawes 2008-01-10 10:10:39 +00:00
  • 531991f26d Replace the "Stage n" text in the instructions rogan.dawes 2008-01-10 10:10:29 +00:00
  • 8b21a7785e Update the DB lessons rogan.dawes 2008-01-10 10:10:10 +00:00
  • d9cf56268e Fix line endings rogan.dawes 2008-01-10 10:09:49 +00:00
  • 427832411c Fix line endings rogan.dawes 2008-01-10 10:09:41 +00:00
  • 5457faf9a3 Add Rogan Dawes to the challenge screen as a contributor rogan.dawes 2008-01-10 10:09:33 +00:00
  • 647c0c4a34 Allow accessing Web Services when WebGoat is on a non-standard port rogan.dawes 2008-01-10 10:09:27 +00:00
  • 64ce7068c4 Move the Thread Safety lesson into the Concurrency category rogan.dawes 2008-01-10 10:09:13 +00:00
  • 92072f3921 Update the Challenge Stage 2 to be more realistic rogan.dawes 2008-01-10 10:09:00 +00:00
  • af8e61eb9f Change the line endings on the instructions rogan.dawes 2008-01-10 10:08:48 +00:00
  • 2fd09c3084 Add a new Concurrency lesson rogan.dawes 2008-01-10 10:08:45 +00:00
  • 3b128c8ebb Removed space from path information mayhew64 2008-01-09 19:50:49 +00:00
  • 84ca966ce5 Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with a OnClick function, corrected authorship in several files mayhew64 2008-01-09 13:28:07 +00:00
  • 3645564018 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson. mayhew64 2008-01-08 12:53:09 +00:00
  • d92c716ff4 Added source parameter to "Show Java" for showing lesson source code. Added Google Mail configuration to UncheckedEmail lesson. mayhew64 2008-01-08 12:51:13 +00:00
  • 23e7fe1f4f Build cleanup in order to create a complete developer distribution. More menu cleanup mayhew64 2008-01-03 21:09:17 +00:00
  • f6e0cb7ed0 Don't know what these are? mayhew64 2008-01-03 21:06:52 +00:00
  • 822ce10ca2 5.1 RC2 build updates mayhew64 2008-01-02 14:05:58 +00:00
  • c1f55215a8 Menu cleanup for Lab stages. Shortened menu names for most lessons. Changed category naming to be more meaningful. mayhew64 2008-01-02 13:48:19 +00:00
  • ee0bc82bec Single platform build.xml Modified Lesson banners Solutions guide and framework mayhew64 2007-10-08 20:37:43 +00:00
  • a9fe7e6099 Implement non-coding modes for the labs rogan.dawes 2007-07-25 12:57:57 +00:00
  • f62eb33c4b Commit Dave's fixes rogan.dawes 2007-07-25 12:57:17 +00:00
  • d9979e46ed Another place where we need to compare without case rogan.dawes 2007-07-25 12:56:51 +00:00
  • b67bb702d2 Fix more places where the email address was hard-coded rogan.dawes 2007-07-25 12:56:35 +00:00
  • 6de7bd9ec9 Fix the feedback address in other places rogan.dawes 2007-07-25 12:56:06 +00:00
  • d65f5bfd85 Make the stages not right aligned rogan.dawes 2007-07-25 12:55:57 +00:00
  • 7fd112bc5d Update Random Access Lessons to not include the stage number in the text rogan.dawes 2007-07-25 12:55:49 +00:00
  • add34a24dc Make the test for the Auth header name case-insensitive rogan.dawes 2007-07-25 12:55:18 +00:00
  • 043c0e5926 Remove Microsoft quotes rogan.dawes 2007-07-18 13:37:58 +00:00
  • fb76b4916f Unify web.xml files. Also update the webgoat contact email address rogan.dawes 2007-07-18 13:37:42 +00:00
  • f9b5f8eddf Show completion of individual lesson stages rogan.dawes 2007-07-18 13:37:31 +00:00
  • a2f99be11a Remove unnecessary setMessage() calls rogan.dawes 2007-07-18 13:37:24 +00:00
  • f831487fa2 Add descriptions to the stages rogan.dawes 2007-07-18 13:36:42 +00:00
  • 002dbbf53c Point the windows config file to use the HSQLDB database rogan.dawes 2007-07-18 13:36:11 +00:00
  • 5fd4b44303 Fix line endings rogan.dawes 2007-07-18 13:36:02 +00:00
  • c65faceb1a A recent change to AbstractLesson.getLink() broke visit tracking rogan.dawes 2007-07-18 13:35:42 +00:00
  • c1ddbd078f Correctly specify an in-memory database rogan.dawes 2007-07-18 13:35:31 +00:00
  • ee8e9d91bb Mark SequentialLessonAdapter as abstract to prevent instantiation rogan.dawes 2007-07-18 13:35:22 +00:00
  • 0c2e04c655 Remove unused import rogan.dawes 2007-07-18 13:35:06 +00:00
  • 7af27f7d1b Make per-user in-memory databases actually work rogan.dawes 2007-07-18 13:34:53 +00:00
  • cf047786f3 An INSERT statement cannot be executed as a query rogan.dawes 2007-07-18 13:34:31 +00:00
  • d04371884b Allow WebGoat to create per-user databases rogan.dawes 2007-07-18 13:34:14 +00:00
  • 9d19fa2433 Remove unused code to clean up warnings rogan.dawes 2007-07-18 13:33:14 +00:00
  • 9e352396d3 Remove warnings by generic'ising users of Collections classes rogan.dawes 2007-07-18 13:32:59 +00:00
  • e41a5ca395 Removed unused code that was generating warnings rogan.dawes 2007-07-18 13:32:31 +00:00
  • 4a70fdac26 Add automatically generated serialVersionUID to silence warnings rogan.dawes 2007-07-18 13:32:08 +00:00
  • d709ff9506 Fix warnings rogan.dawes 2007-07-18 13:31:42 +00:00
  • 9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more rogan.dawes 2007-07-18 13:31:11 +00:00
  • e27aaccb45 Make multi-stage lessons show the individual stages in the menu rogan.dawes 2007-07-18 13:29:53 +00:00
  • 77ab0c5406 Update stage completion message rogan.dawes 2007-07-18 13:29:33 +00:00
  • 84f3b5033d Minor changes to the challenge screen rogan.dawes 2007-07-18 13:29:15 +00:00
  • 184eaae260 Update the messages issued when a stage is completed. rogan.dawes 2007-07-18 13:29:07 +00:00
  • ab0423cb78 Update the stage descriptions and instructions rogan.dawes 2007-07-18 13:28:24 +00:00
  • ad7f4aec68 Re-add Aspect credits for various lessons rogan.dawes 2007-07-18 13:28:02 +00:00
  • 5f5e2e829a The return type fix got lost. rogan.dawes 2007-07-11 13:40:01 +00:00
  • 47a7619652 Fixes: Make sure procedures are created in the right scope/user rogan.dawes 2007-07-11 12:56:41 +00:00
  • afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / rogan.dawes 2007-07-11 12:56:33 +00:00
  • 7bb2c087a0 Add lesson plans for the DB labs rogan.dawes 2007-07-11 12:56:26 +00:00
  • d1fe861a75 Add a DB Cross Site Scripting lesson rogan.dawes 2007-07-11 12:56:13 +00:00
  • 73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson rogan.dawes 2007-07-11 12:55:32 +00:00
  • bc2faede19 Add a new DBSQLInjection lesson rogan.dawes 2007-07-11 12:55:23 +00:00
  • 17fe003f2f Add stored procedures for the SQL Injection lesson rogan.dawes 2007-07-11 12:54:33 +00:00
  • 1bcb2f6539 Add an SQL file to set up the Oracle DB and WebGoat user rogan.dawes 2007-07-11 12:54:23 +00:00
  • 4665256674 Construct a message automatically when we complete a stage rogan.dawes 2007-07-11 12:54:15 +00:00
  • 26ed31df68 Only show the stage controls if the lesson is not complete rogan.dawes 2007-07-11 12:53:59 +00:00
  • d889f6e535 Reset to the first stage when restarting the lesson rogan.dawes 2007-07-11 12:53:51 +00:00
  • 7dee412ee1 Fix WebServices lessons to maintain a reference to WebgoatContext rogan.dawes 2007-07-11 12:53:36 +00:00
  • 76f654e820 Make sure that the underlying GoatHillsFinancial lesson remains hidden rogan.dawes 2007-07-11 12:53:18 +00:00
  • dc8914f4e1 Allow for simple restarting of a lesson. rogan.dawes 2007-07-11 12:53:00 +00:00