team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
337 Commits 1 Branch 0 Tags
3ec9765ca3f4f37fc33144b7bdf8275d9dcdcb57
Commit Graph

159 Commits

Author SHA1 Message Date
Mike McCabe 3ec9765ca3 small update to A7 2013-11-14 11:24:15 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky b9e2723175 closes issue #30 2013-11-14 10:59:20 -05:00
cktricky edfe5b646e fixed category number and this closes issue #35 2013-11-14 10:52:04 -05:00
cktricky 419a051da9 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-14 10:47:44 -05:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
Mike McCabe e116d8b096 finishing A7 2013-11-14 10:34:35 -05:00
cktricky 890717b7ea write-up complete for exposure 2013-11-14 10:10:58 -05:00
cktricky e764efe1d4 working on A6 tutorial write-up now that the code is working 2013-11-14 09:39:57 -05:00
cktricky 98678b0364 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-13 19:51:59 -05:00
cktricky b605a42812 got the code kicked off so we can encrypt SSN(s) in the database 2013-11-13 19:51:42 -05:00
Mike McCabe aeabbcf8c6 A7 - switching the var used in the view so that non-admins can view the admin panel 2013-11-13 19:14:12 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
cktricky 655b636c38 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-12 16:12:49 -05:00
Mike McCabe c06140659c updated description with owasp one 2013-11-12 16:10:38 -05:00
cktricky 14bff998dd Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-11-12 16:07:23 -05:00
Michael McCabe 7833b85837 updating description with owasp 2013 description 2013-11-12 15:24:07 -05:00
Michael McCabe cf1b5dc124 updating description with owasp 2013 description 2013-11-12 13:55:24 -05:00
GSMcNamara 09c0f07d8b Lowercased a letter. 2013-11-07 15:06:05 -05:00
GSMcNamara 7ddec28bcc Removed apostrophe 2013-11-07 15:02:31 -05:00
GSMcNamara 813711d79e Grammar fix. 2013-11-07 14:56:18 -05:00
cktricky 64f2ad9f9e very minor sidebar change 2013-10-14 08:46:21 -04:00
cktricky f9bbbe0a54 oops 2013-10-14 08:44:09 -04:00
cktricky 6897996394 merged 2013-10-14 08:42:27 -04:00
cktricky 940181f397 merged some content 2013-10-14 08:39:20 -04:00
cktricky d2bc7d740a minor fix 2013-10-14 08:36:52 -04:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
cktricky f02895351d removed a bit of cruft, also activated the sidebar item when working within the messages section 2013-10-13 23:17:18 -04:00
Mike McCabe 8c17a3df0e adding messaging function, needs tests... 2013-10-13 21:49:17 -04:00
Mike McCabe 8686f6b9d3 adding messages mvc to allow users to send messages. 2013-10-11 16:03:37 -04:00
cktricky 17e082a63e I believe the secure_compare tutorial is complete 2013-08-18 20:46:40 -04:00
cktricky 5b6b88a4ba fixed broken auth numbering and also the incorrect accordion labels within insecure_compare 2013-08-18 20:18:33 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
cktricky 077e45c819 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-08-08 16:59:14 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
cktricky 66445167bd shifting tutorials 2013-07-28 19:59:03 -04:00
cktricky f67bd0f5ed correct naming within the command injection tutorial 2013-07-28 19:44:51 -04:00
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson ce6f32a1a2 working command injection in fileupload, closes issue #23 2013-07-09 16:36:03 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson 1a79471ef8 trying to fix a bug where you have to click twice on the tutorial credentials button 2013-06-20 11:28:29 -04:00
Ken Johnson 2e052828a6 taskbar / active enhancement 2013-06-16 00:49:28 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00