team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
607 Commits 1 Branch 0 Tags
1ea0c2ddbb617daeb9e5c9e294846b9a9ea0a71b
Commit Graph

155 Commits

Author SHA1 Message Date
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
cktricky 7e38ac845f oops, omitted a couple important features/vulnerabilities 2014-09-11 11:13:15 -04:00
cktricky a50cad0cf3 Resolves #133 2014-09-11 11:11:55 -04:00
cktricky ef2bc20c97 working on the httponly tutorial 2014-09-11 11:01:56 -04:00
Mike McCabe 4f2bfc1a8f fixing tutorial it should be != to match code not == 2014-08-22 19:44:35 -04:00
cktricky 61c5981cb7 Merge branch 'pr-145' 2014-08-19 12:33:22 -04:00
cktricky 286e89ea36 removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go 2014-08-19 12:32:19 -04:00
cktricky a4c68989f0 keeping changes for now 2014-08-04 12:58:17 -04:00
cktricky e2546f4eeb moved the conditional statement out of the primary view and into the layout itself 2014-07-29 18:00:42 -05:00
cktricky 88ed0e2b50 need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln 2014-07-29 17:56:33 -05:00
cktricky 2baf57780c added a button which will be used for our send vuln 2014-07-28 15:25:41 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
cktricky e727ff9fd6 added API keys to the tutorial credentials section 2014-06-11 08:08:14 -04:00
cktricky 2f5dbb7d82 Merge branch 'metaprogramming' 2014-05-22 15:39:39 -06:00
cktricky 7acc17aea3 everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?) 2014-05-22 10:56:29 -06:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 2ef2209f70 resolves issue #121 by saving JSAPI and HTML5 shim locally within Railsgoat 2014-05-19 08:54:58 -04:00
cktricky d2bd77a461 the latest sqli tutorial leveraging @forced_request modifications. We really need some more unit-tests for all this new functionality 2014-04-17 22:07:58 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
John Poulin 196b732b91 Fixed bug in analytics view 2014-04-17 20:04:32 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky d4c882a1c7 Fixes #107. Added some verbiage surrounding the SQL Injection tutorial 2014-04-17 08:09:02 -04:00
cktricky 59946e056c changed motorcross to motocross everywhere that it used. Closes or resolves issue #104 2014-03-26 12:58:48 -04:00
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky c559bd5602 updated tutorial to reflect changes to the correct code listed within the user model 2014-03-09 20:16:54 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
Mike McCabe 4801dc518a fixing two A5 typos 2013-11-14 11:26:31 -05:00
Mike McCabe 3ec9765ca3 small update to A7 2013-11-14 11:24:15 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky b9e2723175 closes issue #30 2013-11-14 10:59:20 -05:00
cktricky edfe5b646e fixed category number and this closes issue #35 2013-11-14 10:52:04 -05:00
cktricky 419a051da9 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-14 10:47:44 -05:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
Mike McCabe e116d8b096 finishing A7 2013-11-14 10:34:35 -05:00
cktricky 890717b7ea write-up complete for exposure 2013-11-14 10:10:58 -05:00
cktricky e764efe1d4 working on A6 tutorial write-up now that the code is working 2013-11-14 09:39:57 -05:00
Mike McCabe aeabbcf8c6 A7 - switching the var used in the view so that non-admins can view the admin panel 2013-11-13 19:14:12 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00