Ken Johnson
b97d5f3976
Fixing an error...
Incorrect credentials
2017-11-13 14:44:37 -05:00
Joseph Mastey
d3fce41e60
change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
cktricky
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
cktricky
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
cktricky
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
cktricky
c1e5a8684a
changing the home page
2015-01-06 17:59:06 -05:00
cktricky
0242907ce6
starting from scratch on how to get started
2015-01-06 16:55:16 -05:00
cktricky
d6f5d38f77
removing the send tutorial for now
2014-10-23 16:41:54 -05:00
cktricky
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
cktricky
286e89ea36
removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsible sections. Ran tests, all seems good to go
2014-08-19 12:32:19 -04:00
cktricky
04109a2366
working on a new vulnerability
2014-07-28 14:43:14 -04:00
James Espinosa
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
James Espinosa
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
cktricky
2f5dbb7d82
Merge branch 'metaprogramming'
2014-05-22 15:39:39 -06:00
cktricky
7acc17aea3
everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?)
2014-05-22 10:56:29 -06:00
cktricky
8ed2714f3f
changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view.
2014-05-20 14:25:45 -04:00
cktricky
77fcf26abd
working on a tutorial for the scope injection / sql injection
2014-04-17 20:51:16 -04:00
cktricky
8e4e084dc9
Fixes #99. We have added the hogan method for escaping user input and added a tutorial
2014-04-17 12:51:02 -04:00
cktricky
8140cb3a1b
added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k)
2014-03-16 16:19:07 -04:00
cktricky
e49b43f899
added the verbose model attributes finding under the exposure section within the tutorials
2014-03-12 20:28:59 -04:00
cktricky
4b0560a250
whew, now THAT is a huge tutorial explanation for a relatively simple issue!
2014-03-12 18:59:38 -04:00
cktricky
f53ab56e92
fixes a bug introduced during the transition from info_disclosure to A6
2013-11-14 11:06:27 -05:00
Mike McCabe
af8776a3ea
halfway done A7
2013-11-13 18:23:38 -05:00
cktricky
8c672fd2fc
fixed the route
2013-11-13 12:16:48 -05:00
Mike McCabe
f0ca17df79
updating the information for A9 fixes #27
2013-11-13 11:47:29 -05:00
Mike McCabe
fe9d8b266f
adding security misconfig text
2013-11-12 18:55:14 -05:00
cktricky
6950accce4
a6 exposure, working on the wording for SSNs being stored in the clear
2013-11-12 17:44:27 -05:00
cktricky
64f2ad9f9e
very minor sidebar change
2013-10-14 08:46:21 -04:00
cktricky
f9bbbe0a54
oops
2013-10-14 08:44:09 -04:00
cktricky
6897996394
merged
2013-10-14 08:42:27 -04:00
cktricky
940181f397
merged some content
2013-10-14 08:39:20 -04:00
cktricky
d2bc7d740a
minor fix
2013-10-14 08:36:52 -04:00
cktricky
979b6a229a
working on avoiding timing attacks piece
2013-08-17 21:27:33 -04:00
cktricky
d909f55ab9
initial write-up for gauntlt
2013-08-08 21:25:52 -04:00
Ken Johnson
82b5809bee
almost finished with the write-up for the command injection vulnerability
2013-07-10 11:41:36 -04:00
Ken Johnson
ef2b2e8e11
okay, finally got a working redirect vuln
2013-06-04 11:00:01 -04:00
Ken Johnson
912c34a26e
finished the writeup for password complexity
2013-06-03 01:11:51 -04:00
Ken Johnson
caecb88e30
prepping for constantize
2013-06-02 20:35:01 -04:00
Ken Johnson
570eafa01b
this closes issue #9
2013-06-02 20:19:31 -04:00
Ken Johnson
4e445375fa
created the info disclosure write-up. Close issue #16
2013-06-02 12:39:04 -04:00
Ken Johnson
e483f1b2cd
cleaned up the tutorial home page
2013-05-30 17:05:48 -04:00
Ken Johnson
31ce6ab1b5
test
2013-05-24 13:19:44 -04:00
Ken Johnson
9e92619294
refactored remaining tutorials
2013-05-23 17:12:39 -04:00
Ken Johnson
65dc8369e9
refactored url access and misconfig
2013-05-23 17:08:35 -04:00
Ken Johnson
958de07b4a
refactored insecure dor
2013-05-23 17:01:43 -04:00
Ken Johnson
4b8b2243c3
refactored xss
2013-05-23 16:59:36 -04:00
Ken Johnson
b280d84955
refactored injection
2013-05-23 16:57:18 -04:00
Ken Johnson
51aa8701f2
refactoring tutorial instances into partials for extensibility
2013-05-23 16:55:27 -04:00
Ken Johnson
f674a57440
awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby"></pre>
2013-05-23 15:18:39 -04:00
Ken Johnson
a877e93780
abstracted out tutorial as I start writing these up, otherwise the html is going to get incredibly cluttered
2013-05-22 13:26:00 -04:00