Commit Graph

206 Commits

Author SHA1 Message Date
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 2ef2209f70 resolves issue #121 by saving JSAPI and HTML5 shim locally within Railsgoat 2014-05-19 08:54:58 -04:00
cktricky d2bd77a461 the latest sqli tutorial leveraging @forced_request modifications. We really need some more unit-tests for all this new functionality 2014-04-17 22:07:58 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
John Poulin 4bff205e81 added in John's constantize change as well as some other stuff like CSS fun 2014-04-17 20:10:53 -04:00
John Poulin 196b732b91 Fixed bug in analytics view 2014-04-17 20:04:32 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky 8cb6ff36ac removed needless diff stuff 2014-04-17 11:37:02 -04:00
cktricky 366edc3b09 not sure if this is working 2014-04-17 11:33:18 -04:00
cktricky c7cd7c4272 Fixes #100. Added some verbiage that makes it clearer that a user should click on the PDF(s) 2014-04-17 08:43:29 -04:00
cktricky d4c882a1c7 Fixes #107. Added some verbiage surrounding the SQL Injection tutorial 2014-04-17 08:09:02 -04:00
cktricky 8febd39252 hopefully nothing changed 2014-04-16 14:40:30 -04:00
cktricky 59946e056c changed motorcross to motocross everywhere that it was used. Closes or resolves issue #104 2014-03-26 12:58:48 -04:00
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky d11617f272 while the pay page could use further refinement from a visual aspect, it is completely working and ready for a tutorial 2014-03-16 16:10:12 -04:00
cktricky 41a596aba0 added some necessary comments to the pay page 2014-03-16 15:37:47 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 3a5818c493 the basics of a working remember-me-logic-flaw completed :-) 2014-03-15 22:30:31 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 9951af6170 added row, now working on deletion of a column 2014-03-15 15:46:01 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky ec8a187833 fixed the checkbox layout, etc. 2014-03-14 12:50:45 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
relotnek b9f61b3686 stylistic elements 2014-03-11 21:18:48 -04:00
relotnek 18a1e219b7 added rememberme checkbox to new session form 2014-03-11 20:34:47 -04:00
cktricky c559bd5602 updated tutorial to reflect changes to the correct code listed within the user model 2014-03-09 20:16:54 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
cktricky 80e9fd11a8 minor UI improvements on the Forgot Password and Register pages 2013-12-24 08:46:43 -05:00
cktricky e757f33c0a UI improvements for the login page 2013-12-24 08:35:29 -05:00
Mike McCabe abe22b19e9 adding password reset method and changing some logic around 2013-12-11 22:25:02 -05:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
James Espinosa 93d7c2bd44 Add mailtrap.io SMTP settings 2013-11-24 23:57:52 -06:00
James Espinosa 9a5f04cefd Update button, for consistency 2013-11-24 20:48:07 -06:00
James Espinosa a9fad698e8 Minor code cleanup, for readability 2013-11-24 20:42:17 -06:00
James Espinosa 5db8eab564 Fix typo, should be password 2013-11-24 20:34:18 -06:00
Mike McCabe ce239e84be oops, maybe I should actually run the tests before committing 2013-11-23 17:59:41 -05:00
Mike McCabe c7515af6ab adding basic forgot password controller and views 2013-11-23 16:04:48 -05:00
Mike McCabe 4801dc518a fixing two A5 typos 2013-11-14 11:26:31 -05:00
Mike McCabe 3ec9765ca3 small update to A7 2013-11-14 11:24:15 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky b9e2723175 closes issue #30 2013-11-14 10:59:20 -05:00