Commit Graph

  • 70771ee854 added a webwolf template error page with some explanation and updated 2017 to 2020 René Zubcevic 2020-04-29 14:43:33 +02:00
  • 9dea696c4c added int test for IDOR and fixed green button issue (#801) René Zubcevic 2020-04-29 12:12:11 +02:00
  • 2398949396 added ace js for java René Zubcevic 2020-04-28 09:15:07 +02:00
  • 57c008a697 Fix reading file, added try/catch and added tests Nanne Baars 2020-04-28 08:49:51 +02:00
  • 2614044918 Fix copying of pictures to WebGoat home directory Nanne Baars 2020-04-27 12:51:07 +02:00
  • 1aad57ba55 Fix the syntax differences between HSQL and Postgres Nanne Baars 2020-04-26 20:28:23 +02:00
  • 54610868fe Fix the syntax differences between HSQL and Postgres Nanne Baars 2020-04-26 20:09:15 +02:00
  • 4831338649 Remove explicit HSQLDB property from WebGoat and use the Spring Boot version Nanne Baars 2020-04-26 20:08:44 +02:00
  • 3bb7ee46bd Upgrade to Postgres 10 Nanne Baars 2020-04-26 20:08:00 +02:00
  • 1a9ce15e99 fix typo (hint3 will not be shown) Satoshi SAKAO 2020-04-27 15:27:04 +09:00
  • 9063b4137f fix 404 links Satoshi SAKAO 2020-04-14 18:50:37 +09:00
  • d7ae3a4391 fix typo Satoshi SAKAO 2020-04-09 18:00:54 +09:00
  • db66c1dd02 fix number of steps Satoshi SAKAO 2020-04-09 17:32:21 +09:00
  • 608728b135 fix asciidoc italic format Satoshi SAKAO 2020-04-09 17:31:49 +09:00
  • 88eb4d7b26 ace editor added without all the nonsense around it René Zubcevic 2020-04-26 16:09:48 +02:00
  • 58bc94d1f6 fix green buttons René Zubcevic 2020-04-22 09:54:30 +02:00
  • 6f532683a1 lessonplan character updates so it also works on Windows Cp125 René Zubcevic 2020-04-20 12:39:51 +02:00
  • 6b68a12449 Set more conditions for releasing Nanne Baars 2020-04-19 10:25:15 +02:00
  • 27bf08ad5c Deploy and release on Java 11 Nanne Baars 2020-04-19 09:45:17 +02:00
  • 52b66ed506 Java 12 is EOL so no need to support it Nanne Baars 2020-04-19 09:36:48 +02:00
  • a5350060e1 Add dummy extra method with return type AttackResult because every assignment needs at least one such mapping (in the challenges case this is optional but since the challenges are an extra thing and this is the only assignment which has no such method adding a dummy method makes sense) Nanne Baars 2020-04-18 21:05:09 +02:00
  • 4f649234a9 Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult> as return type. If no such method is found an exception is thrown Nanne Baars 2020-04-18 21:03:58 +02:00
  • 96412da04e Remove unused imports and parameters Nanne Baars 2020-04-18 21:00:45 +02:00
  • 0015394582 Fix typo Nanne Baars 2020-04-18 20:59:53 +02:00
  • 9cb63a7c43 Update to latest surefire plugin otherwise new JUnit 5 test fails Nanne Baars 2020-04-18 20:50:45 +02:00
  • 561fb1f7f4 Build matrix for building Nanne Baars 2020-04-18 16:28:57 +02:00
  • 3b7481c2a7 Update method signature Nanne Baars 2020-04-18 15:01:12 +02:00
  • f1768bd9a5 small update Nanne Baars 2020-04-18 14:07:46 +02:00
  • 407e19638f Add two more assignments for SQL injection where only filtering is applied. Nanne Baars 2020-04-13 15:17:43 +02:00
  • 122cc323f2 Changed the order of explanation of setting up ZAP/Burp a bit (feedback from workshop). This makes the necessary steps more explicit by moving all extra configuration for https etc to the back. So when you follow the lesson you will only setup the minimal and not get confused about things which are only necessary in certain cases Nanne Baars 2020-04-13 15:16:45 +02:00
  • 9509993a8f all tests complete for Password Reset (#785) René Zubcevic 2020-04-17 15:54:24 +02:00
  • 25e66ae412 use of script console instead of browser address bar René Zubcevic 2020-04-16 13:53:45 +02:00
  • 089952e9ad quiz fix for CIA, SQL Injection Advanced and XSS + XSS description change in alert(document.cookie) René Zubcevic 2020-04-16 13:51:10 +02:00
  • efc5a870a0 Path traversal windows unittest fix (#780) René Zubcevic 2020-04-14 16:13:43 +02:00
  • 0638cae6e5 corrected hints and improved error handling base64 (#781) René Zubcevic 2020-04-14 16:13:25 +02:00
  • b8abc99faf fix for scoreboard after js refactoring René Zubcevic 2020-04-08 10:27:01 +02:00
  • e921fb66a9 actual working version of vulnerable components part 5 René Zubcevic 2020-04-08 10:05:42 +02:00
  • e25f7a7560 clean up and update js René Zubcevic 2020-04-07 20:17:20 +02:00
  • c4ae9ae2ab migrate to JUnit 5 code René Zubcevic 2020-04-06 15:52:09 +02:00
  • c4153ecbfb Maven owasp dep update (#776) René Zubcevic 2020-04-06 16:01:09 +02:00
  • bb6d06713f Fix failing test Nanne Baars 2020-03-09 11:57:07 +01:00
  • 14022d88c9 Last assignment now filters out .. and / so encoding plays a role now Nanne Baars 2020-03-08 20:52:24 +01:00
  • d4966b5e71 Fix test cases Nanne Baars 2020-03-08 17:56:34 +01:00
  • b3840e60e3 Fix lessons Nanne Baars 2020-03-08 14:18:38 +01:00
  • 3ece45b3d4 Fix for not passing the content-type Nanne Baars 2020-03-05 13:17:11 +01:00
  • 6b7678fb1d Remove old files Nanne Baars 2020-03-03 21:37:55 +01:00
  • 6c25cf8e43 Add path traversal lesson Nanne Baars 2020-03-03 21:37:24 +01:00
  • c4c28f544f Fixed CSRF broken links. Tiago Mussi 2020-03-06 13:38:45 +01:00
  • 3b050a856a tested solution with unit test and verified with lesson 5 on ie René Zubcevic 2020-02-27 20:10:45 +01:00
  • 71d9c4b61a first steps René Zubcevic 2020-02-27 07:11:36 +01:00
  • a8118a14cd add support for status 403 feedback from e.g. ModSecurity/CRS René Zubcevic 2020-02-21 12:50:32 +01:00
  • 5f3dff4921 added notes on salted hash (#758) René Zubcevic 2020-02-27 07:20:58 +01:00
  • 208aa42fdb relax detection regex (#757) August Detlefsen 2020-02-20 11:00:07 -08:00
  • cd3fb8040f Typo and grammar corrections for the crypto lessons (#756) Jonathan Thompson 2020-02-08 23:00:08 -08:00
  • 9d5fa6f4ef Correct typos and clarify language in signing.adoc (#754) Dan Muller 2020-01-30 08:01:42 -05:00
  • 6797033a09 restored pom removal (#753) René Zubcevic 2020-01-25 18:18:06 +01:00
  • 9eee726eb5 All in one docker (#749) René Zubcevic 2020-01-25 17:54:24 +01:00
  • 4e371b63d0 suppressing some useless log messages and banners in unit tests (#752) René Zubcevic 2020-01-25 12:11:45 +01:00
  • edd6b7d7cf Reset lesson bug (#741) Nanne Baars 2020-01-05 20:22:50 +01:00
  • 5de82c0a06 Fix link to XStream blog which no longer exists (#740) Nanne Baars 2020-01-05 19:48:40 +01:00
  • 71f2d2968f Fix NPE when request does not contain parameter (#739) Nanne Baars 2020-01-05 15:14:53 +01:00
  • 0d7daf60d9 Fix broken e-mail link (#738) Nanne Baars 2020-01-05 15:05:51 +01:00
  • bb80e11665 dockerfile and compose changes (#737) René Zubcevic 2019-12-27 20:32:35 +01:00
  • 8088465652 Move and remove unnecessary pom dependencies (#736) Nanne Baars 2019-12-24 16:14:36 +01:00
  • 035c8662d4 Revert "Bump xstream from 1.4.5 to 1.4.6 in /webgoat-lessons" Nanne Baars 2019-12-23 17:14:04 +01:00
  • a831d949b2 Bump xstream from 1.4.5 to 1.4.6 in /webgoat-lessons dependabot[bot] 2019-12-23 16:10:11 +00:00
  • 4c45a1e68c This lesson is intended to show the dangers of outdated software. However in version 1.4.7 the vulnerability is fixed! In 1.4.5 it is still present, so I suggest this downgrade. It is tested and works as intended, just as 1.4.7 does not. torleif 2019-12-14 00:41:16 +01:00
  • f79ad452d2 password reset support for using www.webwolf.local René Zubcevic 2019-12-23 14:01:39 +01:00
  • 59076fc9ef adjusted WebWolfMacro René Zubcevic 2019-12-20 19:21:50 +01:00
  • b6aa677594 Zap 8 update for proxy lesson (#718) René Zubcevic 2019-12-10 12:14:21 +01:00
  • 681a20a7c3 In the migration to Spring 2, this method lost its get mapping to the IDOR/profile url, breaking the javascript call to that address. (#720) thegoodcrumpets 2019-12-04 12:21:19 +01:00
  • c5ec2d40a1 updates docker image name (#717) René Zubcevic 2019-11-26 18:12:06 +01:00
  • b5e5dd1d13 Crypto lesson (#712) René Zubcevic 2019-11-23 21:52:14 +01:00
  • 9c0b7f8233 Fix version substitution so WebGoat home directory contains version number instead of @project.version@ in the name (#710) Nanne Baars 2019-11-17 14:33:24 +01:00
  • 5dd6b31905 Adjust lesson template (#704) Nanne Baars 2019-11-17 13:39:56 +01:00
  • f40b6ffd31 Moving back to snapshot Nanne Baars 2019-11-13 12:27:26 +01:00
  • 7313fc6c08 Merge branch 'release/v8.0.0.M26' into develop Nanne Baars 2019-11-12 09:33:05 +01:00
  • c8ac054093 Merge branch 'release/v8.0.0.M26' v8.0.0.M26 Nanne Baars 2019-11-12 09:32:50 +01:00
  • fe2ac1b8d4 New release, updating pom.xml Nanne Baars 2019-11-12 09:22:45 +01:00
  • ba74898441 Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint Nanne Baars 2019-11-12 08:02:07 +01:00
  • 1d477bd0e8 Rename endpoint in JavaScript as backend call uses different endpoint Nanne Baars 2019-11-12 08:01:32 +01:00
  • 48b604d6d9 Enable salaries again as rest controller Nanne Baars 2019-11-12 08:00:49 +01:00
  • 2ab8a838c3 update JRE and milestone version to latest Rene Zubcevic 2019-11-11 21:53:31 +01:00
  • e07a2aff48 Fix mistake the SQL exception should be thrown otherwise users cannot see the table name (servers) makes it impossible to solve the assignment. Add explicit test for this to guard against future mistakes Nanne Baars 2019-11-11 17:24:46 +01:00
  • 7d48427d4f Integrate ZAP 2.8.0 (no HUB) as the setup is different also update the filtering as usual ZAP exclusion is again broken Nanne Baars 2019-11-11 16:42:47 +01:00
  • d8844216cc Add solution for Firefox no longer proxying localhost at all Nanne Baars 2019-11-08 17:04:15 +01:00
  • ab3cd118c9 Explicitly set Maven repo to https Nanne Baars 2019-11-04 21:50:37 +01:00
  • 8da4342430 Improve readability of query (#685) Cotonne 2019-11-04 13:28:35 +01:00
  • ddf6ac9bdb Improve handling of missing parameters, now returns HTTP/401 (#698) Nanne Baars 2019-11-03 18:27:03 +01:00
  • f7b794bf68 Race condition in counting number of attempts #567 (#697) Nanne Baars 2019-11-03 18:14:15 +01:00
  • 1a83e2825e Code style (#696) Nanne Baars 2019-11-03 18:11:09 +01:00
  • 66bd1d8c1a Remove obsolete methods Philippe Lafoucrière 2019-10-21 08:34:48 -04:00
  • 531db87876 Fix CommandInjection java files Philippe Lafoucrière 2019-10-21 08:16:04 -04:00
  • cac5985873 Fix command-injection pom.xml Philippe Lafoucrière 2019-10-19 17:09:26 -04:00
  • c03b8e22bf Fix webgoat-lesson-template parent artifact ref Philippe Lafoucrière 2019-10-19 17:04:38 -04:00
  • 710adfae20 Upgrade to latest Spring Boot version Nanne Baars 2019-10-20 22:17:43 +02:00
  • 9b87fd602c Explicitly set session persistence to false (result in non serializable exception) Nanne Baars 2019-10-20 15:09:45 +02:00
  • 28299f3ced Bind HSQLDB to same address as WebGoat Nanne Baars 2019-10-20 13:08:30 +02:00
  • 689e3de7a4 Final changes for splitting SQL WebGoat and lessons Nanne Baars 2019-10-19 19:19:22 +02:00
  • 25dae3a4a8 Fix merge request Nanne Baars 2019-10-19 17:17:54 +02:00