WebGoat 8.0 Release Criteria

0xedison edited this page Jun 30, 2020 · 12 revisions

WebGoat 8.0

Features (issues) to complete for the 8.0 release

  • fix initial 'show hints' view
  • fix display of special characters in hints (new library needed?)

Lessons to complete prior to releasing 8.0

  • XSS (need some work)
  • General
    • HTTP Basics ✅
    • HTTP Proxies ✅
  • Injection
    • SQL Injection (Split advanced and basic)
    • XXE (incorporate photo comments from challenge) ✅
  • Client-side
    • Client-Side Filtering (need to finish)
    • Client-side tampering (bypass JavaScript validation, e.g. an email regex; change submitted values; change the DOM generally)
  • Access Control
    • IDOR (mostly done, needs some QA, maybe additional content ... maybe reference 'API' here)
  • Authentication & Sessions
    • Cookies (logout, create-a-cookie)
    • JWT (move from challenge, maybe add brute-force)
  • CSRF (not started)
  • Vulnerable Components ✅

WebGoat 8.1

  • Access Control
  • Command Injection
  • Password Reset

WebGoat 8.1 features

  • lesson tagging, menu sorting/display

WebGoat 8.1 Pipeline Improvement

  • increase lesson test coverage >= 50%
  • increase overall test coverage >= 30%
  • Establish basic UI testing (not by lesson, but framework)

WebGoat 8.2 (include 'WebWolf' ?)

  • ClickJacking
  • CORS
  • Session Fixation ???