railsgoat

Author	SHA1	Message	Date
Ken Johnson	39d2e9d79f	finished CSRF/AJAX, closes issue #21	2013-06-06 22:40:52 -04:00
Ken Johnson	d445e59a98	this fixes issue #20 , seriously, no clue how I missed the missing constantize code	2013-06-06 16:43:58 -04:00
Ken Johnson	9d42453b05	removed pesky files	2013-06-04 16:00:30 -04:00
Ken Johnson	bdf3f20955	added a license	2013-06-04 14:17:12 -04:00
Ken Johnson	b76283910c	holding off on the last issue until i confirm whether or not oreoshake can cover secure headers here	2013-06-04 14:06:10 -04:00
Ken Johnson	bb2985018d	closes issue #7	2013-06-04 13:59:41 -04:00
Ken Johnson	089e9540ac	finished admin filter and write-up for issue #6	2013-06-04 11:49:59 -04:00
Ken Johnson	b0ace5ebef	added write-up for issue #8	2013-06-04 11:24:39 -04:00
Ken Johnson	ef2b2e8e11	okay, finally got a working redirect vuln	2013-06-04 11:00:01 -04:00
Ken Johnson	e1dfb8309c	finished the write-up for crytpo vuln, close issue #5	2013-06-03 18:08:21 -04:00
Ken Johnson	0b09e0d4c1	added the primary insecure crypto storage vuln	2013-06-03 12:52:24 -04:00
Ken Johnson	6d5623a423	changed SQLi vuln location, did write-up, closes issue #1	2013-06-03 12:31:34 -04:00
Ken Johnson	6528b56de6	added a sql injection vulnerability	2013-06-03 02:19:36 -04:00
Ken Johnson	2ac771ca50	Issue #3 can be closed, write-up and vuln complete for A4	2013-06-03 01:54:07 -04:00
Ken Johnson	14251e6f39	added Insecure dor vuln	2013-06-03 01:29:16 -04:00
Ken Johnson	912c34a26e	finished the writeup for password complexity	2013-06-03 01:11:51 -04:00
Ken Johnson	88ea613da6	okay, write-up finished	2013-06-02 23:32:37 -04:00
Ken Johnson	86695e9e07	removed excess commented code	2013-06-02 22:42:50 -04:00
Ken Johnson	e97afb9bb4	added a very dangerous, very serious vulnerability (constantize	2013-06-02 22:42:29 -04:00
Ken Johnson	caecb88e30	prepping for constantize	2013-06-02 20:35:01 -04:00
Ken Johnson	570eafa01b	this closes issue #9	2013-06-02 20:19:31 -04:00
Ken Johnson	06dce1f8b2	I believe this has resolved the dependent destruction and we can close issue #18	2013-06-02 13:08:56 -04:00
Ken Johnson	4e445375fa	created the info disclosure write-up. Close issue #16	2013-06-02 12:39:04 -04:00
Ken Johnson	1267661c6a	seems the signup bug has been fixed, I would close this for now	2013-06-01 19:49:01 -04:00
Ken Johnson	0319cc4768	added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this	2013-06-01 00:19:07 -04:00
Ken Johnson	38fcc263bd	update account is now an ajax call	2013-05-31 22:10:32 -04:00
Ken Johnson	417aca2078	keeping changes up to date	2013-05-31 19:55:49 -04:00
Ken Johnson	6199beb780	we are going to fix this by automatically generating data for ppl that register HOWEVER, just in case that fails for some reason, I have applied a filter that ensures if some data is not associated with a person they cannot navigate to all aspects of the application. This is a preventive measure	2013-05-31 19:02:00 -04:00
Ken Johnson	c63275b3b3	dashboard figures actually indicate correct values now	2013-05-31 15:54:25 -04:00
Ken Johnson	3cab9810fc	hehe	2013-05-31 15:22:13 -04:00
Ken Johnson	4813ba9349	added visualization chart for performance history	2013-05-31 15:20:58 -04:00
Ken Johnson	379c442049	I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page	2013-05-31 14:45:31 -04:00
Ken Johnson	2fa68be920	added the last part to the SSN related vuln	2013-05-31 13:59:57 -04:00
Ken Johnson	f8e21af3e0	added a new vulnerability plus completed the work info page	2013-05-31 11:41:54 -04:00
Ken Johnson	97ca13632d	removed mass assignment of user_id in the users model	2013-05-31 11:08:38 -04:00
Ken Johnson	08a8c60276	added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data	2013-05-31 10:48:20 -04:00
Ken Johnson	a599ca9862	so now, when you add a PTO scheduled date, the calendar on your PTO page automatically updates to show this event :-)	2013-05-31 10:31:35 -04:00
Ken Johnson	a6a38c773e	added validation for all schedule fields (presence of) and working on a new way to dynamically update your calendar upon submission of a new calendar event	2013-05-31 00:31:13 -04:00
Ken Johnson	e483f1b2cd	cleaned up the tutorial home page	2013-05-30 17:05:48 -04:00
Ken Johnson	9d5cebbfa0	normalize	2013-05-30 16:05:03 -04:00
Ken Johnson	d2ac6aee6d	added content to the 401k section and change some stuff	2013-05-30 15:59:01 -04:00
Ken Johnson	23bc521787	got rid of mass assignment in certain areas	2013-05-30 12:52:43 -04:00
Ken Johnson	ff36b0fab5	working way to update your scheduled PTO	2013-05-30 12:11:50 -04:00
Ken Johnson	8044080b25	fixed height w/ JS	2013-05-28 16:11:03 -04:00
Ken Johnson	caf348f189	made some big changes here. The schedule had a has_one relationship with the PTO model. That is a problem since we only get one result back. meaning, a user cant have multiple scheduled events. This has been fixed with the use of has_many within the PTO model. Now, in relation to the PTO section, the next changes to happen are to be a fully functional create action that allows an event to be schedule, the form and controller has already been created. Umm, also, a calendar has been added and when we get the results back from a call to the create event action we will update that calendar. Think that is about it for now	2013-05-28 12:48:35 -04:00
Ken Johnson	3016af35c7	got rid of the extras on the sidebar	2013-05-28 11:06:21 -04:00
Ken Johnson	92c07b49c1	putting in a calendar to show any scheduled PTO days	2013-05-28 11:01:52 -04:00
Ken Johnson	a1712f78a3	added another chart for PTO and fixed badly named method	2013-05-28 10:41:04 -04:00
Ken Johnson	657db353c4	working on new chart for PTO	2013-05-28 10:12:31 -04:00
Ken Johnson	9feae35f5f	switching to a different graph	2013-05-28 09:44:17 -04:00

1 2 3

128 Commits