team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
131 Commits 1 Branch 0 Tags
b0ace5ebef768fde896bbf4f85ca178ce53aa647
Commit Graph

71 Commits

Author SHA1 Message Date
Ken Johnson b0ace5ebef added write-up for issue #8 2013-06-04 11:24:39 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 6d5623a423 changed SQLi vuln location, did write-up, closes issue #1 2013-06-03 12:31:34 -04:00
Ken Johnson 2ac771ca50 Issue #3 can be closed, write-up and vuln complete for A4 2013-06-03 01:54:07 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 88ea613da6 okay, write-up finished 2013-06-02 23:32:37 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson 3016af35c7 got rid of the extras on the sidebar 2013-05-28 11:06:21 -04:00
Ken Johnson 923abddb89 working on the PTO section 2013-05-27 09:38:34 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson 96e0095878 moving in the right direction 2013-05-24 19:51:09 -04:00
Ken Johnson 0d841124f5 assigned a user id, does not "appear" to have screwed anything up 2013-05-24 15:25:06 -04:00
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson a10ba8c66c aws ignore 2013-05-24 12:42:50 -04:00
Ken Johnson 18740a7226 working on the dashboard, added some pie charts 2013-05-24 00:03:07 -04:00
Ken Johnson 4579d6e916 finished the first XSS example 2013-05-23 20:29:03 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson c71ef0ccfd fixed some broken elements and added content to broken auth 2013-05-23 17:59:59 -04:00
Ken Johnson 9e92619294 refactored remaining tutorials 2013-05-23 17:12:39 -04:00
Ken Johnson 65dc8369e9 refactored url access and misconfig 2013-05-23 17:08:35 -04:00
Ken Johnson 958de07b4a refactored insecure dor 2013-05-23 17:01:43 -04:00
Ken Johnson 4b8b2243c3 refactored xss 2013-05-23 16:59:36 -04:00
Ken Johnson b280d84955 refactored injection 2013-05-23 16:57:18 -04:00
Ken Johnson 51aa8701f2 refactoring tutorial instances into partials for extensibility 2013-05-23 16:55:27 -04:00
Ken Johnson c72178a665 changed formatting of a paragraph element with a class of desc 2013-05-23 16:42:49 -04:00
Ken Johnson f674a57440 awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre> 2013-05-23 15:18:39 -04:00
Ken Johnson a877e93780 abstracted out tutorial as I start writing these up, otherwise the html is going to get incredibly cluttered 2013-05-22 13:26:00 -04:00
Ken Johnson e03fd8548c abstracted out the validation js, need to add it to signup, then basically write up broken auth for both lack of pwd complexity and username/password enumeration 2013-05-22 11:47:00 -04:00
Ken Johnson c60eea0781 prolly about as close as I am gonna get tonight 2013-05-22 03:30:53 -04:00
Ken Johnson 429794e74f rough version of form validation added to app 2013-05-22 02:35:54 -04:00
Ken Johnson c36012c76f added back .rvmrc because it caused issues w/ pow 2013-05-21 11:58:24 -04:00
Ken Johnson 671095e030 added a vuln for broken auth and session mgmt, issue #2 2013-05-21 00:58:11 -04:00
Ken Johnson b2e2a1b4b0 moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users 2013-05-21 00:42:56 -04:00
Ken Johnson bd95958f17 added delete button 2013-05-20 22:21:00 -04:00
Ken Johnson b6b4f881f2 fixed lack of pagination within js 2013-05-20 17:45:12 -04:00
Ken Johnson b7eb18276e added homepage to the sidebar as well as added JS to mark the sidebar item as active 2013-05-20 17:40:08 -04:00
Ken Johnson 4337cb9a46 made sure the table refreshes after an update 2013-05-20 17:35:24 -04:00
Ken Johnson 5fd72fcd6f update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring 2013-05-20 16:31:59 -04:00
Ken Johnson 168c19bdc5 fixed broken js, it was due to a typo in an html comment 2013-05-19 12:16:34 -04:00
Ken Johnson f7dbc482bb added a table to manage users 2013-05-17 14:08:18 -04:00
Ken Johnson 16729c3be6 adding material to the tutorial "home" page 2013-05-09 19:18:43 -04:00
Ken Johnson 38e76161c5 made the change systemic 2013-05-09 13:56:50 -04:00