cam.morris d2a6a2b272 This change includes two additional CSRF lessons. One for ...

by-passing a prompt (showing why prompts don't work).  The second for
by-passing CSRF tokens when XSS exists. 

It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507

2009-10-23 21:23:17 +00:00

..

lessons

This change includes two additional CSRF lessons. One for

2009-10-23 21:23:17 +00:00

servlets

Reformat of Java source. Added JavaStyle format definitions.

2008-02-27 00:29:19 +00:00

session

Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. Other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library).

2009-10-20 04:30:00 +00:00

util

Removed hardcoded webgoat path for URLs

2008-11-21 16:57:23 +00:00

Catcher.java

Formatting according to OWASP WebGoat Java Style

2008-08-05 17:32:17 +00:00

HammerHead.java

Minor 5.2 changes.

2008-05-13 03:44:40 +00:00

LessonSource.java

Added bug report

2008-07-11 00:05:05 +00:00