team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
583 Commits 1 Branch 0 Tags
2a720ffc3c130bc147d4bd87ac0016a7e65ef69b
Commit Graph

215 Commits

Author SHA1 Message Date
cktricky 2baf57780c added a button which will be used for our send vuln 2014-07-28 15:25:41 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
cktricky e727ff9fd6 added API keys to the tutorial credentials section 2014-06-11 08:08:14 -04:00
cktricky 8595954096 removed alert when an error is thrown 2014-05-26 16:58:26 -04:00
cktricky 1594255251 added coerceToString sot hat hogan functions properly 2014-05-26 13:51:20 -04:00
cktricky 2f5dbb7d82 Merge branch 'metaprogramming' 2014-05-22 15:39:39 -06:00
cktricky 7acc17aea3 everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?) 2014-05-22 10:56:29 -06:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 2ef2209f70 resolves issue #121 by saving JSAPI and HTML5 shim locally within Railsgoat 2014-05-19 08:54:58 -04:00
cktricky d2bd77a461 the latest sqli tutorial leveraging @forced_request modifications. We really need some more unit-tests for all this new functionality 2014-04-17 22:07:58 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
John Poulin 4bff205e81 added in johns constantize change as well as some other stuff like CSS fun 2014-04-17 20:10:53 -04:00
John Poulin 196b732b91 Fixed bug in analytics view 2014-04-17 20:04:32 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky 8cb6ff36ac removed needless diff stuff 2014-04-17 11:37:02 -04:00
cktricky 366edc3b09 not sure if this is working 2014-04-17 11:33:18 -04:00
cktricky c7cd7c4272 Fixes #100. Added some verbiage that makes it clearer that a user should click on the PDF(s) 2014-04-17 08:43:29 -04:00
cktricky d4c882a1c7 Fixes #107. Added some verbiage surrounding the SQL Injection tutorial 2014-04-17 08:09:02 -04:00
cktricky 8febd39252 hopefully nothing changed 2014-04-16 14:40:30 -04:00
cktricky 59946e056c changed motorcross to motocross everywhere that it used. Closes or resolves issue #104 2014-03-26 12:58:48 -04:00
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky d11617f272 while the pay page could use further refinement from a visual aspect, it is completely working and ready for a tutorial 2014-03-16 16:10:12 -04:00
cktricky 41a596aba0 added some necessary comments to the pay page 2014-03-16 15:37:47 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 3a5818c493 the basics of a working remember-me-logic-flaw completed :-) 2014-03-15 22:30:31 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 9951af6170 added row, now working on deletion of a column 2014-03-15 15:46:01 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky ec8a187833 fixed the checkbox layout, etc. 2014-03-14 12:50:45 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
relotnek b9f61b3686 stylistic elements 2014-03-11 21:18:48 -04:00
relotnek 18a1e219b7 added rememberme checkbox to new session form 2014-03-11 20:34:47 -04:00
cktricky c559bd5602 updated tutorial to reflect changes to the correct code listed within the user model 2014-03-09 20:16:54 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
cktricky 80e9fd11a8 minor UI improvements on the Forgot Password and Register pages 2013-12-24 08:46:43 -05:00
cktricky e757f33c0a UI improvements for the login page 2013-12-24 08:35:29 -05:00
Mike McCabe abe22b19e9 adding password rest method and changing some logic around 2013-12-11 22:25:02 -05:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
James Espinosa 93d7c2bd44 Add mailtrap.io SMTP settings 2013-11-24 23:57:52 -06:00