Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Web Goat - Progress"
(→Week 09 - Dec 03) |
(→Daily Notes) |
||
Line 1: | Line 1: | ||
[[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]] | [[OWASP_Autumn_of_Code_2006_-_Projects:_Web_Goat|Project Main Page]] | ||
+ | |||
+ | == Lessons to be Implemented: == | ||
+ | |||
+ | === DOM Injection === | ||
+ | === XML Injection === | ||
+ | === XMLRPC Attacks === | ||
+ | === Silent Transactional Authorizational Attacks === | ||
+ | === HTTP Splitting === | ||
+ | === Log Spoofing === | ||
+ | === Cache Poising === | ||
+ | === Cross-Site Request Forgery (CSRF) === | ||
+ | === Back Doors === | ||
+ | === XPATH Injection === | ||
+ | === Buffer Overflow === | ||
+ | === How to Perform Parameter Injection === | ||
+ | === Forced Browsing === | ||
+ | |||
+ | |||
== Daily Notes == | == Daily Notes == | ||
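Review bot: The added heading "=== Cache Poising ===" is misspelled and should read "=== Cache Poisoning ===". The level-2 heading "== Lessons to be Implemented: ==" also carries a trailing colon that will appear in the generated table of contents, and all thirteen level-3 headings are added with no body text; a bulleted list under the one heading would express a to-do list without creating empty sections.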
Line 20: | Line 38: | ||
* Continued working on Log Spoofing lesson. | * Continued working on Log Spoofing lesson. | ||
* Finished working on Log Spoofing lesson. | * Finished working on Log Spoofing lesson. | ||
− | * Started working on Parameter Injection and Forced Browsing lessons | + | *Started working on Parameter Injection and Forced Browsing lessons |
=== Week 05 - Nov 05 === | === Week 05 - Nov 05 === |
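Review bot: The changed bullet "*Started working on Parameter Injection and Forced Browsing lessons" drops the space after the asterisk, while the two context bullets above it keep one ("* Continued working ...", "* Finished working ..."). Restore the space so the list markup stays consistent, and add the closing period the neighbouring items have.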
Revision as of 04:04, 18 December 2006
Lessons to be Implemented:
DOM Injection
XML Injection
XMLRPC Attacks
Silent Transactional Authorizational Attacks
HTTP Splitting
Log Spoofing
Cache Poisoning
Cross-Site Request Forgery (CSRF)
Back Doors
XPATH Injection
Buffer Overflow
How to Perform Parameter Injection
Forced Browsing
Daily Notes
Week 01 - Oct 08
- Checked out the source code.
- Built the project from scratch.
- Got the environment ready.
- Added a skeleton for the HTTP Splitting lesson.
- Worked on updating the project page.
- Finished working on the HTTP Splitting lesson and committed the code.
- Started investigating the CSRF (Cross-Site Request Forgery) attacks.
Week 02 - Oct 15
Week 03 - Oct 22
- Finished working on Cross-Site Request Forgery Attacks.
Week 04 - Oct 29
- Continued working on Log Spoofing lesson.
- Finished working on Log Spoofing lesson.
- Started working on Parameter Injection and Forced Browsing lessons.
Week 05 - Nov 05
- Finished and submitted Log Spoofing lesson.
- Finished and submitted Forced Browsing lesson.
Week 06 - Nov 12
- Added the "How to add a new lesson" lesson.
- Started working on the AJAX-specific lessons.
Week 07 - Nov 19
- Worked on XML injection attacks.
- Started working on DOM injection attacks.
Week 08 - Nov 26
Week 09 - Dec 03
- Started working on integrating WebGoat to OSG.
- Got OSG working locally.
- Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
- Started working on the first AJAX lesson: DOM Injection.
Week 10 - Dec 10
- Finished working on a Tomcat connector to OSG.
- Finished working on DOM Injection lesson.