OWASP Autumn of Code 2006 - Projects: Web Goat - Progress

Project Main Page

Lessons to be Implemented:

 * DOM Injection - Done
 * XML Injection - Done
 * XMLRPC Attacks - Replaced by JSON Injection - Done
 * Silent Transactional Authorizational Attacks - Done
 * HTTP Splitting - Done
 * Log Spoofing - Done
 * Cache Poisoning - Done
 * Cross-Site Request Forgery (CSRF) - Done
 * Back Doors - Done
 * XPATH Injection - Done
 * Buffer Overflow - Will be taken care of by Bruce
 * How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - Done
 * Forced Browsing - Done


 * Manual and Installation Guide: Done

Week 01 - Oct 08

 * Checked out the source code.
 * Built the project from scratch
 * Got the environment ready
 * Added a skeleton for the HTTP Splitting lesson
 * Worked on updating the project page
 * Finished working on the HTTP Splitting lesson and committed the code.
 * Started investigating the CSRF (Cross-Site Request Forgery) attacks.

Week 03 - Oct 22

 * Finished working on Cross-Site Request Forgery Attacks.

Week 04 - Oct 29

 * Continued working on Log Spoofing lesson.
 * Finished working on Log Spoofing lesson.
 * Started working on Parameter Injection and Forced Browsing lessons

Week 05 - Nov 05

 * Finished and submitted Log Spoofing lesson
 * Finished and submitted Forced Browsing lesson.

Week 06 - Nov 12

 * Added the "How to add a new lesson" lesson.
 * Started working on the AJAX-specific lessons

Week 07 - Nov 19

 * Worked on XML injection attacks
 * Started working on DOM injection attacks

Week 09 - Dec 03

 * Started working on integrating WebGoat to OSG.
 * Got OSG working locally.
 * Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
 * Started working on the first AJAX lesson: DOM Injection.

Week 10 - Dec 10

 * Finished working on a Tomcat connector to OSG.
 * Finished working on DOM Injection lesson

Week 11 - Dec 17

 * Worked on cache poisoning
 * Worked on XML Injections
 * Added gratifications to HTTP Splitting

Week 12 - Dec 24

 * Finished XML Injections
 * Finished working on Cache Poisoning
 * Added a hint for the user per Jeff's comments.
 * Working on JSON injection

Week 13 - Dec 30

 * Finished SQL Backdoors attacks
 * Finished JSON Injection