
OWASP Autumn of Code 2006 - Projects: Web Goat - Progress


Latest revision as of 12:50, 3 June 2009

Project Main Page

Lessons to be Implemented:

  • DOM Injection - Done
  • XML Injection - Done
  • XMLRPC Attacks - Replaced by JSON Injection - Done
  • Silent Transactional Authorizational Attacks - Done
  • HTTP Splitting - Done
  • Log Spoofing - Done
  • Cache Poisoning - Done
  • Cross-Site Request Forgery (CSRF) - Done
  • Back Doors - Done
  • XPATH Injection - Done
  • Buffer Overflow - Will be taken care of by Bruce
  • How to Perform Parameter Injection - Replaced by the "How to Add a New Lesson" lesson - Done
  • Forced Browsing - Done
  • Manual and Installation Guide - Done

Daily Notes

Week 01 - Oct 08

  • Checked out the source code.
  • Built the project from scratch.
  • Got the environment ready.
  • Added a skeleton for the HTTP Splitting lesson.
  • Worked on updating the project page.
  • Finished working on the HTTP Splitting lesson and committed the code.
  • Started investigating the CSRF (Cross-Site Request Forgery) attacks.

Week 02 - Oct 15

Week 03 - Oct 22

  • Finished working on Cross-Site Request Forgery Attacks.

Week 04 - Oct 29

  • Continued working on Log Spoofing lesson.
  • Finished working on Log Spoofing lesson.
  • Started working on Parameter Injection and Forced Browsing lessons.

Week 05 - Nov 05

  • Finished and submitted Log Spoofing lesson.
  • Finished and submitted Forced Browsing lesson.

Week 06 - Nov 12

  • Added the "How to add a new lesson" lesson.
  • Started working on the AJAX-specific lessons.

Week 07 - Nov 19

  • Worked on XML injection attacks.
  • Started working on DOM injection attacks.

Week 08 - Nov 26

Week 09 - Dec 03

  • Started working on integrating WebGoat to OSG.
  • Got OSG working locally.
  • Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
  • Started working on the first AJAX lesson: DOM Injection.

Week 10 - Dec 10

  • Finished working on a Tomcat connector to OSG.
  • Finished working on DOM Injection lesson.

Week 11 - Dec 17

  • Worked on cache poisoning.
  • Worked on XML Injections.
  • Added gratifications to HTTP Splitting.

Week 12 - Dec 24

  • Finished XML Injections.
  • Finished working on Cache Poisoning.
  • Added a hint for the user per Jeff's comments.
  • Working on JSON injection.

Week 13 - Dec 30

  • Finished SQL Backdoors attacks.
  • Finished JSON Injection.