team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
145 Commits 1 Branch 0 Tags
5ea8006fc10845a8a677e062785626e63f8f697d
Commit Graph

145 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ken Johnson 5ea8006fc1 closes issue #22 2013-06-07 09:05:11 -04:00
Ken Johnson 39d2e9d79f finished CSRF/AJAX, closes issue #21 2013-06-06 22:40:52 -04:00
Ken Johnson cc38bd3f2a testing to see if I have commit access 2013-06-06 20:52:09 -04:00
Ken Johnson db952a3dd9 Merge branch 'master' of github.com:cktricky/railsgoat 2013-06-06 16:44:07 -04:00
Ken Johnson d445e59a98 this fixes issue #20, seriously, no clue how I missed the missing constantize code 2013-06-06 16:43:58 -04:00
Ken Johnson f126ad49da Merge pull request #19 from presidentbeef/remove_ds_store 
Remove and ignore .DS_Store files
 2013-06-04 13:05:13 -07:00
Ken Johnson 215bc8614c removed orig 2013-06-04 16:04:58 -04:00
Ken Johnson dc96bf524d merged 2013-06-04 16:04:12 -04:00
Ken Johnson 9d42453b05 removed pesky files 2013-06-04 16:00:30 -04:00
Justin Collins d9f4ac72d5 Remove and ignore .DS_Store files 2013-06-04 11:54:39 -07:00
Ken Johnson bdf3f20955 added a license 2013-06-04 14:17:12 -04:00
Ken Johnson b76283910c holding off on the last issue until i confirm whether or not oreoshake can cover secure headers here 2013-06-04 14:06:10 -04:00
Ken Johnson bb2985018d closes issue #7 2013-06-04 13:59:41 -04:00
Ken Johnson 089e9540ac finished admin filter and write-up for issue #6 2013-06-04 11:49:59 -04:00
Ken Johnson b0ace5ebef added write-up for issue #8 2013-06-04 11:24:39 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 0b09e0d4c1 added the primary insecure crypto storage vuln 2013-06-03 12:52:24 -04:00
Ken Johnson 6d5623a423 changed SQLi vuln location, did write-up, closes issue #1 2013-06-03 12:31:34 -04:00
Ken Johnson 6528b56de6 added a sql injection vulnerability 2013-06-03 02:19:36 -04:00
Ken Johnson 2ac771ca50 Issue #3 can be closed, write-up and vuln complete for A4 2013-06-03 01:54:07 -04:00
Ken Johnson 14251e6f39 added Insecure dor vuln 2013-06-03 01:29:16 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 88ea613da6 okay, write-up finished 2013-06-02 23:32:37 -04:00
Ken Johnson 86695e9e07 removed excess commented code 2013-06-02 22:42:50 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson 1267661c6a seems the signup bug has been fixed, I would close this for now 2013-06-01 19:49:01 -04:00
Ken Johnson 8f1ee5ccbe trying this 2013-06-01 01:09:01 -04:00
Ken Johnson 1938dee509 complained about compilation in prod env 2013-06-01 00:58:59 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson 38fcc263bd update account is now an ajax call 2013-05-31 22:10:32 -04:00
Ken Johnson 417aca2078 keeping changes up to date 2013-05-31 19:55:49 -04:00
Ken Johnson 6199beb780 we are going to fix this by automatically generating data for ppl that register HOWEVER, just in case that fails for some reason, I have applied a filter that ensures if some data is not associated with a person they cannot navigate to all aspects of the application. This is a preventive measure 2013-05-31 19:02:00 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00
Ken Johnson 3cab9810fc hehe 2013-05-31 15:22:13 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson 2fa68be920 added the last part to the SSN related vuln 2013-05-31 13:59:57 -04:00
Ken Johnson f8e21af3e0 added a new vulnerability plus completed the work info page 2013-05-31 11:41:54 -04:00
Ken Johnson 97ca13632d removed mass assignment of user_id in the users model 2013-05-31 11:08:38 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson a599ca9862 so now, when you add a PTO scheduled date, the calendar on your PTO page automatically updates to show this event :-) 2013-05-31 10:31:35 -04:00
Ken Johnson a6a38c773e added validation for all schedule fields (presence of) and working on a new way to dynamically update your calendar upon submission of a new calendar event 2013-05-31 00:31:13 -04:00
Ken Johnson e483f1b2cd cleaned up the tutorial home page 2013-05-30 17:05:48 -04:00
Ken Johnson 9d5cebbfa0 normalize 2013-05-30 16:05:03 -04:00
Ken Johnson d2ac6aee6d added content to the 401k section and change some stuff 2013-05-30 15:59:01 -04:00