WebGoat 8.0 Release Criteria
0xedison edited this page Jun 30, 2020 · 12 revisions
- fix initial 'show hints' view
- fix hints display of special characters (new library needed?)
- XSS (need some work)
- General
- HTTP Basics ✅
- HTTP Proxies ✅
- Injection
- SQL Injection (Split advanced and basic)
- XXE (incorporate photo comments from challenge) ✅
- Client-side
- Client-Side Filtering (need to finish)
- Client-side tampering (bypass JavaScript ... e.g. email regex, change values, change DOM generally)
- Access Control
- IDOR (mostly done, needs some QA, maybe additional content ... maybe reference 'API' here)
- Authentication & Sessions
- Cookies (logout, create-a-cookie)
- JWT (move from challenge, maybe add brute-force)
- CSRF (not started)
- Vulnerable Components ✅
- Access Control
- Command Injection
- Password Reset
- lesson tagging, menu sorting/display
- increase lesson test coverage to >= 50%
- increase overall test coverage to >= 30%
- Establish basic UI testing (not by lesson, but framework)
- ClickJacking
- CORS
- Session Fixation ???