
Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat - Progress"

From OWASP
(Week 09 - Dec 03)
(Daily Notes)
Line 1: Line 1:
 
[[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]]
 
[[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]]
 +
 +
== Lessons to be Implemented: ==
 +
 +
=== DOM Injection ===
 +
=== XML Injection ===
 +
=== XMLRPC Attacks ===
 +
=== Silent Transactional Authorizational Attacks ===
 +
=== HTTP Splitting ===
 +
=== Log Spoofing ===
 +
=== Cache Poising ===
 +
=== Cross-Site Request Forgery (CSRF) ===
 +
=== Back Doors ===
 +
=== XPATH Injection ===
 +
=== Buffer Overflow ===
 +
=== How to Perform Parameter Injection ===
 +
=== Forced Browsing ===
 +
 +
  
 
== Daily Notes ==
 
== Daily Notes ==
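Review bot: The added heading "=== Cache Poising ===" is misspelled and should read "Cache Poisoning". The new "Lessons to be Implemented" section is also a run of thirteen empty level-3 headings, each of which becomes its own table-of-contents entry; a bulleted list under the level-2 heading would carry the same information. The Daily Notes context further down already records the Log Spoofing lesson as finished, so it would help to mark which of the listed lessons are still outstanding.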
Line 20: Line 38:
 
* Continued working on Log Spoofing lesson.
 
* Continued working on Log Spoofing lesson.
 
* Finished working on Log Spoofing lesson.
 
* Finished working on Log Spoofing lesson.
* Started working on Parameter Injection and Forced Browsing lessons
+
*Started working on Parameter Injection and Forced Browsing lessons
  
 
=== Week 05 - Nov 05 ===
 
=== Week 05 - Nov 05 ===
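Review bot: The only change to the "Started working on Parameter Injection and Forced Browsing lessons" item is dropping the space after the "*" list marker, which makes it inconsistent with the "* Continued" and "* Finished" items directly above it. Keep the space, and add the trailing period the neighbouring items have.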

Revision as of 04:04, 18 December 2006

Project Main Page

Lessons to be Implemented:

DOM Injection

XML Injection

XMLRPC Attacks

Silent Transactional Authorizational Attacks

HTTP Splitting

Log Spoofing

Cache Poisoning

Cross-Site Request Forgery (CSRF)

Back Doors

XPATH Injection

Buffer Overflow

How to Perform Parameter Injection

Forced Browsing

Daily Notes

Week 01 - Oct 08

  • Checked out the source code.
  • Built the project from scratch
  • Got the environment ready
  • Added a skeleton for HTTP Splitting lesson
  • Worked on updating the project page
  • Finished working on the HTTP Splitting lesson and committed the code.
  • Started investigating the CSRF (Cross-Site Request Forgery) attacks.

Week 02 - Oct 15

Week 03 - Oct 22

  • Finished working on Cross-Site Request Forgery Attacks.

Week 04 - Oct 29

  • Continued working on Log Spoofing lesson.
  • Finished working on Log Spoofing lesson.
  • Started working on Parameter Injection and Forced Browsing lessons

Week 05 - Nov 05

  • Finished and submitted Log Spoofing lesson
  • Finished and submitted Forced Browsing lesson.

Week 06 - Nov 12

  • Added "How to add a new lesson" lesson.
  • Started working on the AJAX-specific lessons

Week 07 - Nov 19

  • Worked on XML injection attacks
  • Started working on DOM injection attacks

Week 08 - Nov 26

Week 09 - Dec 03

  • Started working on integrating WebGoat to OSG.
  • Got OSG working locally.
  • Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
  • Started working on the first AJAX lesson: DOM Injection.

Week 10 - Dec 10

  • Finished working on a Tomcat connector to OSG.
  • Finished working on DOM Injection lesson

Week 11 - Dec 17

Week 12 - Dec 24

Week 13 - Dec 30