Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat - Progress"

Revision as of 04:25, 18 December 2006

Project Main Page

Lessons to be Implemented:

• DOM Injection - Done
• XML Injection
• XMLRPC Attacks
• Silent Transactional Authorizational Attacks
• HTTP Splitting - Done
• Log Spoofing - Done(Jeff: add a hint to add a link)
• Cache Poising
• Cross-Site Request Forgery (CSRF) - Done(still needs some work)
• Back Doors
• XPATH Injection Done
• Buffer Overflow - Will be taken care of by Bruce
• How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - Done
• Forced Browsing - Done

Daily Notes

Week 01 - Oct 08

• Checked out the source code.
• Built the project from scratch
• Got the environment ready
• Added a skeleton for Http Splitting lesson
• Worked on updating the project page
• Finished working on the HTTP Spliting lesson and committed the code.
• Started investigating the CSRF (Cross-Site Request Forgery) attacks.

Week 02 - Oct 15

Week 03 - Oct 22

• Finished working on Cross-Site Request Forgery Attacks.

Week 04 - Oct 29

• Continued working on Log Spoofing lesson.
• Finished working on Log Spoofing lesson.
• Started working on Parameter Injection and Forced Browsing lessons

Week 05 - Nov 05

• Finished and submitted Log Spoofing lesson
• Finished and submitted Forced Browsing lesson.

Week 06 - Nov 12

- Added How to add a new lesson lesson. - Started working on the AJAX-specific lessons

Week 07 - Nov 19

• Worked on XML injection attacks
• Started working on DOM injection attacks

Week 08 - Nov 26

Week 09 - Dec 03

- Started working on integrating WebGoat to OSG. - Got OSG working localy. - Starting working on a filter for the requests that can be enabled or disabled using the config file (web.xml). - Started working on the first AJAX lesson: DOM Injection.

Week 10 - Dec 10

- Finished working on a Tomcat connetor to OSG. - Finished working on DOM Injection lesson

Week 11 - Dec 17

Week 12 - Dec 24

Week 13 - Dec 30