OWASP Autumn of Code 2006 - Projects: Web Goat - Progress

Project Main Page

Lessons to be Implemented:

 * DOM Injection - Done
 * XML Injection - Done
 * XMLRPC Attacks - Replaced by JSON Injection - Done
 * Silent Transactional Authorizational Attacks - Done
 * HTTP Splitting - Done
 * Log Spoofing - Done
 * Cache Poisoning - Done
 * Cross-Site Request Forgery (CSRF) - Done
 * Back Doors - Done
 * XPATH Injection - Done
 * Buffer Overflow - Will be taken care of by Bruce
 * How to Perform Parameter Injection - Replaced by How to Add a new lesson lesson - Done
 * Forced Browsing - Done


 * Manual and Installation Guide: Done

Week 01 - Oct 08

 * Checked out the source code.
 * Built the project from scratch
 * Got the environment ready
 * Added a skeleton for Http Splitting lesson
 * Worked on updating the project page
 * Finished working on the HTTP Splitting lesson and committed the code.
 * Started investigating the CSRF (Cross-Site Request Forgery) attacks.

Week 03 - Oct 22

 * Finished working on Cross-Site Request Forgery Attacks.

Week 04 - Oct 29

 * Continued working on Log Spoofing lesson.
 * Finished working on Log Spoofing lesson.
 * Started working on Parameter Injection and Forced Browsing lessons

Week 05 - Nov 05

 * Finished and submitted Log Spoofing lesson
 * Finished and submitted Forced Browsing lesson.

Week 06 - Nov 12

 * Added How to add a new lesson lesson.
 * Started working on the AJAX-specific lessons

Week 07 - Nov 19

 * Worked on XML injection attacks
 * Started working on DOM injection attacks

Week 09 - Dec 03

 * Started working on integrating WebGoat to OSG.
 * Got OSG working locally.
 * Started working on a filter for the requests that can be enabled or disabled using the config file (web.xml).
 * Started working on the first AJAX lesson: DOM Injection.

Week 10 - Dec 10

 * Finished working on a Tomcat connector to OSG.
 * Finished working on DOM Injection lesson

Week 11 - Dec 17

 * Worked on cache poisoning
 * Worked on XML Injections
 * Added gratifications to HTTP Splitting

Week 12 - Dec 24

 * Finished XML Injections
 * Finished working on Cache Poisoning
 * Added a hint for the user per Jeff's comments.
 * Working on JSON injection

Week 13 - Dec 30

 * Finished SQL Backdoors attacks
 * Finished JSON Injection