    René Zubcevic
    @zubcevic
    This gitter room can be used to discuss all things related to OWASP WebGoat. Normal issues are part of the GitHub repository.
    René Zubcevic
    @zubcevic
    The latest WebGoat release is 8.1.0. Since then several improvements have been added. The latest version can be built from the develop branch.
    avivmu
    @avivmu
    Hey @zubcevic, is this project still actively maintained? There are several PRs that are waiting for merge
    René Zubcevic
    @zubcevic
    Hi, yes this project has been around for many years and has had some significant improvements in the last year. However most commits as you can see are from Nanne Baars and myself. Sometimes also from other people who help change text and descriptions or even add lessons.
    The latest major feature was that you can now start WebGoat with a certain selection of categories and lessons, in order not to overwhelm people.
    René Zubcevic
    @zubcevic
    apparently the lesson on SSRF now fails because the ifconfig.pro site is down, which also blocks pull requests and results in build failures
    This must be something very recent
    René Zubcevic
    @zubcevic
    a fix for the dependency in ifconfig.pro has been pushed to develop branch, see WebGoat/WebGoat#919
    avivmu
    @avivmu
    In HttpBasicsInterceptRequest where does the trackProgress method come from? IntelliJ shows a compilation error. EDIT: okay there are 2 modules named http-proxies, why?
    René Zubcevic
    @zubcevic
    command-injection is no longer a supported lesson. it is a left over from older versions. if intellij uses the correct maven files, it should not include this module
    please make a pull request to remove command-injection. there the pom file indeed uses an existing lesson artefact id
    René Zubcevic
    @zubcevic
    A developer getting started guide is found here: https://github.com/WebGoat/WebGoat/wiki/Developer-Getting-Started
    feel free to update the wiki pages
    avivmu
    @avivmu
    in SSRFTask2 - why do we need to show the ifconfig.pro website contents inside webgoat (we consume the html from the url and display it to the user - I don't see any reason to do that)?
    René Zubcevic
    @zubcevic
    the original author of the story probably wanted to show external content in the exercise and not just a simple reply that the exercise was correct. But I would also not have chosen this option
    avivmu
    @avivmu
    I made a WebGoat/WebGoat#921 which deletes the command-injection
    René Zubcevic
    @zubcevic
    merged! and the suggested webdriver change looks good as well
    avivmu
    @avivmu
    René Zubcevic
    @zubcevic
    Ah, good one, didn't know that myself. But it is where the static content is kept for the application pages on the OWASP foundation: https://owasp.org/www-project-webgoat/