Capybara added to demonstrate vulnerabilities.

Adding Capybara to verify replay-ability of hacking vulnerabilities. I
imagine these may want to be kept on a different branch for QA and
educational purposes, but not distributed with master when forked.

This commit also includes demonstrating the SQL Injection vulnerability.

Gemfile.lock

@@ -48,8 +48,15 @@ GEM
     builder (3.0.4)
     bundler-audit (0.1.2)
       bundler (~> 1.2)
+    capybara (2.1.0)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
     childprocess (0.3.9)
       ffi (~> 1.0, >= 1.0.11)
+    cliver (0.2.2)
     coderay (1.0.9)
     coffee-rails (3.2.2)
       coffee-script (>= 2.2.0)
@@ -63,6 +70,7 @@ GEM
       diff-lcs (>= 1.1.3)
       gherkin (~> 2.12.0)
       multi_json (~> 1.3)
+    database_cleaner (1.1.1)
     diff-lcs (1.2.4)
     em-websocket (0.5.0)
       eventmachine (>= 0.12.9)
@@ -125,9 +133,13 @@ GEM
       treetop (~> 1.4.8)
     method_source (0.8.1)
     mime-types (1.22)
-    minitest (4.7.5)
     multi_json (1.7.2)
     nokogiri (1.5.10)
+    poltergeist (1.4.1)
+      capybara (~> 2.1.0)
+      cliver (~> 0.2.1)
+      multi_json (~> 1.0)
+      websocket-driver (>= 0.2.0)
     polyglot (0.3.3)
     powder (0.2.0)
       thor (>= 0.11.5)
@@ -222,6 +234,9 @@ GEM
       kgio (~> 2.6)
       rack
       raindrops (~> 0.7)
+    websocket-driver (0.3.0)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
 
 PLATFORMS
   ruby
@@ -231,7 +246,9 @@ DEPENDENCIES
   bcrypt-ruby
   brakeman
   bundler-audit
+  capybara
   coffee-rails (~> 3.2.1)
+  database_cleaner
   execjs
   foreman
   gauntlt
@@ -241,7 +258,7 @@ DEPENDENCIES
   guard-shell
   jquery-fileupload-rails
   jquery-rails
-  minitest (~> 4.0)
+  poltergeist
   powder
   pry
   rack-livereload