Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat - Progress"
(→Lessons to be Implemented:) |
m (→Lessons to be Implemented:) |
Line 3: | Line 3: | ||
== Lessons to be Implemented: == | == Lessons to be Implemented: == | ||
− | * DOM Injection - Done | + | * DOM Injection - *Done* |
* XML Injection | * XML Injection | ||
* XMLRPC Attacks | * XMLRPC Attacks | ||
* Silent Transactional Authorizational Attacks | * Silent Transactional Authorizational Attacks | ||
− | * HTTP Splitting - Done | + | * HTTP Splitting - *Done* |
− | * Log Spoofing - Done (Jeff: add a hint to add a link) | + | * Log Spoofing - *Done*(Jeff: add a hint to add a link) |
* Cache Poising | * Cache Poising | ||
− | * Cross-Site Request Forgery (CSRF) - Done (still needs some work) | + | * Cross-Site Request Forgery (CSRF) - *Done*(still needs some work) |
* Back Doors | * Back Doors | ||
− | * XPATH Injection | + | * XPATH Injection *Done* |
* Buffer Overflow - Will be taken care of by Bruce | * Buffer Overflow - Will be taken care of by Bruce | ||
− | * How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - Done | + | * How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - *Done* |
− | * Forced Browsing - Done | + | * Forced Browsing - *Done* |
== Daily Notes == | == Daily Notes == |
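Review bot: the `*Done*` rewrite drops the space before the parenthetical on the Log Spoofing and CSRF lines (`*Done*(Jeff: add a hint to add a link)` and `*Done*(still needs some work)`), and the XPATH Injection line gains `*Done*` without the ` - ` separator every other completed line uses; suggest `* Log Spoofing - *Done* (Jeff: add a hint to add a link)`, `* Cross-Site Request Forgery (CSRF) - *Done* (still needs some work)` and `* XPATH Injection - *Done*` so the status column reads consistently. While touching the list, `Cache Poising` should be `Cache Poisoning`.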
Revision as of 04:23, 18 December 2006
Lessons to be Implemented:
- DOM Injection - *Done*
- XML Injection
- XMLRPC Attacks
- Silent Transactional Authorizational Attacks
- HTTP Splitting - *Done*
- Log Spoofing - *Done* (Jeff: add a hint to add a link)
- Cache Poisoning
- Cross-Site Request Forgery (CSRF) - *Done* (still needs some work)
- Back Doors
- XPATH Injection - *Done*
- Buffer Overflow - Will be taken care of by Bruce
- How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - *Done*
- Forced Browsing - *Done*
Daily Notes
Week 01 - Oct 08
- Checked out the source code.
- Built the project from scratch
- Got the environment ready
- Added a skeleton for HTTP Splitting lesson
- Worked on updating the project page
- Finished working on the HTTP Splitting lesson and committed the code.
- Started investigating the CSRF (Cross-Site Request Forgery) attacks.
Week 02 - Oct 15
Week 03 - Oct 22
- Finished working on Cross-Site Request Forgery Attacks.
Week 04 - Oct 29
- Continued working on Log Spoofing lesson.
- Finished working on Log Spoofing lesson.
- Started working on Parameter Injection and Forced Browsing lessons
Week 05 - Nov 05
- Finished and submitted Log Spoofing lesson
- Finished and submitted Forced Browsing lesson.
Week 06 - Nov 12
- Added How to add a new lesson lesson.
- Started working on the AJAX-specific lessons
Week 07 - Nov 19
- Worked on XML injection attacks
- Started working on DOM injection attacks
Week 08 - Nov 26
Week 09 - Dec 03
- Started working on integrating WebGoat to OSG.
- Got OSG working locally.
- Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
- Started working on the first AJAX lesson: DOM Injection.
Week 10 - Dec 10
- Finished working on a Tomcat connector to OSG.
- Finished working on DOM Injection lesson