team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72 Commits 1 Branch 0 Tags
2ceb0328c3dc88bac12cb36f9434e01b28798036
Commit Graph

67 Commits

Author SHA1 Message Date
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson a10ba8c66c aws ignore 2013-05-24 12:42:50 -04:00
Ken Johnson 18740a7226 working on the dashboard, added some pie charts 2013-05-24 00:03:07 -04:00
Ken Johnson 4579d6e916 finished the first XSS example 2013-05-23 20:29:03 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson c71ef0ccfd fixed some broken elements and added content to broken auth 2013-05-23 17:59:59 -04:00
Ken Johnson 9e92619294 refactored remaining tutorials 2013-05-23 17:12:39 -04:00
Ken Johnson 65dc8369e9 refactored url access and misconfig 2013-05-23 17:08:35 -04:00
Ken Johnson 958de07b4a refactored insecure dor 2013-05-23 17:01:43 -04:00
Ken Johnson 4b8b2243c3 refactored xss 2013-05-23 16:59:36 -04:00
Ken Johnson b280d84955 refactored injection 2013-05-23 16:57:18 -04:00
Ken Johnson 51aa8701f2 refactoring tutorial instances into partials for extensibility 2013-05-23 16:55:27 -04:00
Ken Johnson c72178a665 changed formatting of a paragraph element with a class of desc 2013-05-23 16:42:49 -04:00
Ken Johnson f674a57440 awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre> 2013-05-23 15:18:39 -04:00
Ken Johnson a877e93780 abstracted out tutorial as I start writing these up, otherwise the html is going to get incredibly cluttered 2013-05-22 13:26:00 -04:00
Ken Johnson 7032fcaaed another fixer upper 2013-05-22 13:07:19 -04:00
Ken Johnson 9a53087361 okay, added some added color enhancements, time to write up some A3 shiz 2013-05-22 12:44:24 -04:00
Ken Johnson e03fd8548c abstracted out the validation js, need to add it to signup, then basically write up broken auth for both lack of pwd complexity and username/password enumeration 2013-05-22 11:47:00 -04:00
Ken Johnson 46c1af43cd okay, I swear, last commit of the night. This adds a pwd confirmation field to account update as well as the relevant js 2013-05-22 03:41:28 -04:00
Ken Johnson c60eea0781 prolly about as close as I am gonna get tonight 2013-05-22 03:30:53 -04:00
Ken Johnson 429794e74f rough version of form validation added to app 2013-05-22 02:35:54 -04:00
Ken Johnson c36012c76f added back .rvmrc because it caused issues w/ pow 2013-05-21 11:58:24 -04:00
Ken Johnson 671095e030 added a vuln for broken auth and session mgmt, issue #2 2013-05-21 00:58:11 -04:00
Ken Johnson b2e2a1b4b0 moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users 2013-05-21 00:42:56 -04:00
Ken Johnson bd95958f17 added delete button 2013-05-20 22:21:00 -04:00
Ken Johnson b6b4f881f2 fixed lack of pagination within js 2013-05-20 17:45:12 -04:00
Ken Johnson b7eb18276e added homepage to the sidebar as well as added JS to mark the sidebar item as active 2013-05-20 17:40:08 -04:00
Ken Johnson 4337cb9a46 made sure the table refreshes after an update 2013-05-20 17:35:24 -04:00
Ken Johnson 2ec81eb0de removed the button x because it caused some finnicky garbage where the alerts stayed closed 2013-05-20 16:56:44 -04:00
Ken Johnson 5fd72fcd6f update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring 2013-05-20 16:31:59 -04:00
Ken Johnson 168c19bdc5 fixed broken js, it was due to a typo in an html comment 2013-05-19 12:16:34 -04:00
Ken Johnson f7dbc482bb added a table to manage users 2013-05-17 14:08:18 -04:00
Ken Johnson a279d06b4c created admin controller 2013-05-17 10:25:56 -04:00
Ken Johnson 5f80211580 added an administrative method intended to be used as a before filter within the application controller as well as an is_admin? method 2013-05-16 17:56:31 -04:00
Ken Johnson 10956ed316 unded fix position on sidebar because I realized you cannot see the entire thing even if you scroll down :-( 2013-05-10 12:08:41 -04:00
Ken Johnson 16729c3be6 adding material to the tutorial "home" page 2013-05-09 19:18:43 -04:00
Ken Johnson 648af6a4c8 added a hint dropdown to every tutorial section 2013-05-09 17:59:11 -04:00
Ken Johnson 38e76161c5 made the change systemic 2013-05-09 13:56:50 -04:00
Ken Johnson f11f4895d6 fixed the sidebars 2013-05-09 13:55:38 -04:00
Ken Johnson 30c5736413 caused too much unexpected weirdness although would have been fun as a bug, had to remove 2013-04-28 15:23:43 -04:00
Ken Johnson 713e28b753 might have added a subtle bug ;-) 2013-04-28 02:58:24 -04:00
Ken Johnson d01e508bc3 added email validation and tthen saved any params they were entering during signup in an @user object 2013-04-28 02:49:02 -04:00
Ken Johnson 6d24bf8993 made some changes to the update profile 2013-04-25 16:51:45 -04:00
Ken Johnson 6a3dec43f8 just create a profile update page 2013-04-25 15:52:08 -04:00
Ken Johnson 9c37eb99a1 lost track of what I was doing so I cant tell you what Ive done, heh 2013-04-25 15:23:07 -04:00
Ken Johnson 01c246c902 added a bunch of wording 2013-04-25 14:49:20 -04:00
Ken Johnson db19e5d990 went ahead and filled in XSS 2013-04-25 13:40:50 -04:00
Ken Johnson 726526eabf added a sidebar element, an index to let ppl know how to get started, and some logic to get users to the tutorials and back into the app regardless of auth or not 2013-04-25 02:11:11 -04:00
Ken Johnson 41371cff1e finished templating the individual vulns 2013-04-25 01:57:54 -04:00
Ken Johnson fda47b3643 changed a bunch of stuff 2013-04-25 01:54:10 -04:00