team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
608 Commits 1 Branch 0 Tags
1d3540dbb2b5c11698db8992c1488132388daade
Commit Graph

54 Commits

Author SHA1 Message Date
cktricky ef2bc20c97 working on the httponly tutorial 2014-09-11 11:01:56 -04:00
cktricky 286e89ea36 removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go 2014-08-19 12:32:19 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
cktricky 2f5dbb7d82 Merge branch 'metaprogramming' 2014-05-22 15:39:39 -06:00
cktricky 7acc17aea3 everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?) 2014-05-22 10:56:29 -06:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
cktricky 64f2ad9f9e very minor sidebar change 2013-10-14 08:46:21 -04:00
cktricky f9bbbe0a54 oops 2013-10-14 08:44:09 -04:00
cktricky 6897996394 merged 2013-10-14 08:42:27 -04:00
cktricky 940181f397 merged some content 2013-10-14 08:39:20 -04:00
cktricky d2bc7d740a minor fix 2013-10-14 08:36:52 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson e483f1b2cd cleaned up the tutorial home page 2013-05-30 17:05:48 -04:00
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson 9e92619294 refactored remaining tutorials 2013-05-23 17:12:39 -04:00
Ken Johnson 65dc8369e9 refactored url access and misconfig 2013-05-23 17:08:35 -04:00
Ken Johnson 958de07b4a refactored insecure dor 2013-05-23 17:01:43 -04:00
Ken Johnson 4b8b2243c3 refactored xss 2013-05-23 16:59:36 -04:00
Ken Johnson b280d84955 refactored injection 2013-05-23 16:57:18 -04:00
Ken Johnson 51aa8701f2 refactoring tutorial instances into partials for extensibility 2013-05-23 16:55:27 -04:00
Ken Johnson f674a57440 awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre> 2013-05-23 15:18:39 -04:00
Ken Johnson a877e93780 abstracted out tutorial as I start writing these up, otherwise the html is going to get incredibly cluttered 2013-05-22 13:26:00 -04:00
Ken Johnson 10956ed316 unded fix position on sidebar because I realized you cannot see the entire thing even if you scroll down :-( 2013-05-10 12:08:41 -04:00
Ken Johnson 16729c3be6 adding material to the tutorial "home" page 2013-05-09 19:18:43 -04:00
Ken Johnson 648af6a4c8 added a hint dropdown to every tutorial section 2013-05-09 17:59:11 -04:00
Ken Johnson d01e508bc3 added email validation and tthen saved any params they were entering during signup in an @user object 2013-04-28 02:49:02 -04:00
Ken Johnson 9c37eb99a1 lost track of what I was doing so I cant tell you what Ive done, heh 2013-04-25 15:23:07 -04:00
Ken Johnson 01c246c902 added a bunch of wording 2013-04-25 14:49:20 -04:00
Ken Johnson db19e5d990 went ahead and filled in XSS 2013-04-25 13:40:50 -04:00
Ken Johnson 726526eabf added a sidebar element, an index to let ppl know how to get started, and some logic to get users to the tutorials and back into the app regardless of auth or not 2013-04-25 02:11:11 -04:00