team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
188 Commits 1 Branch 0 Tags
6f71d7eda700d9489dff866df435db5dbbe4e62b
Commit Graph

93 Commits

Author SHA1 Message Date
cktricky 17e082a63e I believe the secure_compare tutorial is complete 2013-08-18 20:46:40 -04:00
cktricky 5b6b88a4ba fixed broken auth numbering and also the incorrect accordion labels within insecure_compare 2013-08-18 20:18:33 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
cktricky 077e45c819 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-08-08 16:59:14 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
cktricky 66445167bd shifting tutorials 2013-07-28 19:59:03 -04:00
cktricky f67bd0f5ed correct naming within the command injection tutorial 2013-07-28 19:44:51 -04:00
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson 1a79471ef8 trying to fix a bug where you have to click twice on the tutorial credentials button 2013-06-20 11:28:29 -04:00
Ken Johnson 2e052828a6 taskbar / active enhancement 2013-06-16 00:49:28 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson 56381fe318 fixed issue #25 2013-06-10 15:27:21 -04:00
Ken Johnson 5ea8006fc1 closes issue #22 2013-06-07 09:05:11 -04:00
Ken Johnson 39d2e9d79f finished CSRF/AJAX, closes issue #21 2013-06-06 22:40:52 -04:00
Ken Johnson d445e59a98 this fixes issue #20, seriously, no clue how I missed the missing constantize code 2013-06-06 16:43:58 -04:00
Ken Johnson bdf3f20955 added a license 2013-06-04 14:17:12 -04:00
Ken Johnson b76283910c holding off on the last issue until i confirm whether or not oreoshake can cover secure headers here 2013-06-04 14:06:10 -04:00
Ken Johnson bb2985018d closes issue #7 2013-06-04 13:59:41 -04:00
Ken Johnson 089e9540ac finished admin filter and write-up for issue #6 2013-06-04 11:49:59 -04:00
Ken Johnson b0ace5ebef added write-up for issue #8 2013-06-04 11:24:39 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 6d5623a423 changed SQLi vuln location, did write-up, closes issue #1 2013-06-03 12:31:34 -04:00
Ken Johnson 2ac771ca50 Issue #3 can be closed, write-up and vuln complete for A4 2013-06-03 01:54:07 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 88ea613da6 okay, write-up finished 2013-06-02 23:32:37 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson 3016af35c7 got rid of the extras on the sidebar 2013-05-28 11:06:21 -04:00
Ken Johnson 923abddb89 working on the PTO section 2013-05-27 09:38:34 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson 96e0095878 moving in the right direction 2013-05-24 19:51:09 -04:00
Ken Johnson 0d841124f5 assigned a user id, does not "appear" to have screwed anything up 2013-05-24 15:25:06 -04:00
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson a10ba8c66c aws ignore 2013-05-24 12:42:50 -04:00
Ken Johnson 18740a7226 working on the dashboard, added some pie charts 2013-05-24 00:03:07 -04:00
Ken Johnson 4579d6e916 finished the first XSS example 2013-05-23 20:29:03 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson c71ef0ccfd fixed some broken elements and added content to broken auth 2013-05-23 17:59:59 -04:00
Ken Johnson 9e92619294 refactored remaining tutorials 2013-05-23 17:12:39 -04:00
Ken Johnson 65dc8369e9 refactored url access and misconfig 2013-05-23 17:08:35 -04:00