|
|
| Line 1: |
Line 1: |
| − | [http://s1.shard.jp/galeach/new189.html asian style prom dress
] [http://s1.shard.jp/bireba/avguard-antivirus.html crack for norton antivirus 2005
] [http://s1.shard.jp/olharder/automotive-executive.html autocad blocks plants
] [http://s1.shard.jp/frhorton/7kqup4qnd.html african american prison population
] [http://s1.shard.jp/olharder/xp-logs-off-automatically.html auto populate
] [http://s1.shard.jp/frhorton/78vbl98c2.html african grey parrot sounds
] [http://s1.shard.jp/galeach/ asia carerra
] [http://s1.shard.jp/olharder/autopsy-picture.html auto display ramp
] [http://s1.shard.jp/galeach/new76.html asian doggy] [http://s1.shard.jp/bireba/symantec-antivirus.html antivirus online scan free
] [http://s1.shard.jp/frhorton/wntjtqor2.html african braiding hair styles
] [http://s1.shard.jp/galeach/new160.html animax asia schedule] [http://s1.shard.jp/frhorton/u4h18i4kg.html african animal figurine
] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/olharder/dreamweaver-how.html automatic gun paint spray
] [http://s1.shard.jp/olharder/automoveis-bmw.html automoveis bmw em portugues] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/frhorton/l2ids56ra.html south african national anthem midi
] [http://s1.shard.jp/bireba/antivirus-personal.html symantic antivirus client
] [http://s1.shard.jp/olharder/automatic-gate.html avery auto salvage
] [http://s1.shard.jp/losaul/helicopters-australia.html phillip island australia accommodation
] [http://s1.shard.jp/frhorton/u8q43h8tl.html african american party decorations
] [http://s1.shard.jp/galeach/new97.html nodular prostatic hyperplasia
] [http://s1.shard.jp/losaul/australian-sheepskin.html australian sheepskin slippers] [http://s1.shard.jp/galeach/new46.html asian print models
] [http://s1.shard.jp/frhorton/uf3em2dk5.html south african art painter
] [http://s1.shard.jp/losaul/nikon-d70-price.html phil baker australia
] [http://s1.shard.jp/losaul/australia-bank.html music industry jobs in australia
] [http://s1.shard.jp/galeach/new176.html cai asia
] [http://s1.shard.jp/galeach/new34.html anastasia sheet music free
] [http://s1.shard.jp/frhorton/1jtffm4w8.html african sea coconut cough
] [http://s1.shard.jp/olharder/wheels-and-deals.html auto classifieds portland
] [http://s1.shard.jp/losaul/used-car-price.html australias animal emblems
] [http://s1.shard.jp/frhorton/h4xwn2n8q.html history of african american spiritual
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/galeach/new91.html asian mail order brides
] [http://s1.shard.jp/frhorton/jp87fttqi.html camps bay south africa accomodation
] [http://s1.shard.jp/bireba/alertaantivirus.html good antivirus programs
] [http://s1.shard.jp/bireba/top-antivirus.html antivirus software tests
] [http://s1.shard.jp/losaul/school-camps.html zodiac inflatables australia
] [http://s1.shard.jp/frhorton/rqxyy3ubg.html african big five animals
] [http://s1.shard.jp/frhorton/q5ck3w5jf.html old/new cotton jute bags in south africa
] [http://s1.shard.jp/losaul/vetco-aibel.html australia boat in sail sale yatchs
] [http://s1.shard.jp/bireba/avg-antivirus.html symantics antivirus
] [http://s1.shard.jp/bireba/vet-antivirus.html antivirus software for download
] [http://s1.shard.jp/bireba/eztrust-antivirus.html eztrust antivirus free download] [http://s1.shard.jp/losaul/australia-transcriber.html aircraft maintenance training australia
] [http://s1.shard.jp/bireba/antivirus-free-download.html mcafee antivirus free version
]
| |
| | [[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]] | | [[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]] |
| | | | |
Latest revision as of 12:50, 3 June 2009
Project Main Page
Lessons to be Implemented:
- DOM Injection - Done
- XML Injection - Done
- XMLRPC Attacks - Replaced by JSON Injection - Done
- Silent Transactional Authorizational Attacks - Done
- HTTP Splitting - Done
- Log Spoofing - Done
- Cache Poising - Done
- Cross-Site Request Forgery (CSRF) - Done
- Back Doors Done
- XPATH Injection Done
- Buffer Overflow - Will be taken care of by Bruce
- How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - Done
- Forced Browsing - Done
- Manual and Installation Guide: Done
Daily Notes
Week 01 - Oct 08
- Checked out the source code.
- Built the project from scratch
- Got the environment ready
- Added a skeleton for Http Splitting lesson
- Worked on updating the project page
- Finished working on the HTTP Spliting lesson and committed the code.
- Started investigating the CSRF (Cross-Site Request Forgery) attacks.
Week 02 - Oct 15
Week 03 - Oct 22
- Finished working on Cross-Site Request Forgery Attacks.
Week 04 - Oct 29
- Continued working on Log Spoofing lesson.
- Finished working on Log Spoofing lesson.
- Started working on Parameter Injection and Forced Browsing lessons
Week 05 - Nov 05
- Finished and submitted Log Spoofing lesson
- Finished and submitted Forced Browsing lesson.
Week 06 - Nov 12
- Added How to add a new lesson lesson.
- Started working on the AJAX-specific lessons
Week 07 - Nov 19
- Worked on XML injection attacks
- Started working on DOM injection attacks
Week 08 - Nov 26
Week 09 - Dec 03
- Started working on integrating WebGoat to OSG.
- Got OSG working localy.
- Starting working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
- Started working on the first AJAX lesson: DOM Injection.
Week 10 - Dec 10
- Finished working on a Tomcat connetor to OSG.
- Finished working on DOM Injection lesson
Week 11 - Dec 17
- Worked on cache poisining
- Worked on XML Injections
- Added gratifications to HTTP Splitting
Week 12 - Dec 24
- Finished XML Injections
- Finished working on Cache Poisining
- Added a hint for the user per Jeff's comments.
- Working on JSON injection
Week 13 - Dec 30
- Finished SQL Backdoors attacks
- Finished JSON Injection
