Commit Graph

13 Commits

Author SHA1 Message Date
chrismo b1a3882496 Mass assignment spec added 2013-10-01 17:14:21 -05:00
chrismo 85b0c7608b Info disclosure spec added 2013-10-01 16:47:06 -05:00
chrismo 0021ddd036 Unvalidated redirect spec added 2013-10-01 16:20:15 -05:00
chrismo 4f1526e021 URL access spec added 2013-10-01 16:06:21 -05:00
chrismo 0df6735b53 Added example of CSRF vulnerability in csrf_spec. 2013-09-30 15:29:36 -05:00
chrismo 8e238e1d81 Insecure Direct Object Reference spec added.
This includes two scenarios - the work_info one mentioned in the
tutorials, but also one allowing downloading of source code, which may
belong somewhere else as I haven't worked through all the tutorials yet.
2013-09-27 18:05:45 -05:00
chrismo 1c8b6e9e17 Broken Authorization specs added. 2013-09-27 17:30:57 -05:00
chrismo 269d5a0075 XSS Capybara spec added. 2013-09-27 16:58:33 -05:00
chrismo e0bca0139e Added command injection Capybara spec. 2013-09-27 14:59:30 -05:00
chrismo df9efa915b Capybara added to demonstrate vulnerabilities.
Adding Capybara to verify replay-ability of hacking vulnerabilities. I
imagine these may want to be kept on a different branch for QA and
educational purposes, but not distributed with master when forked.

This commit also includes demonstrating the SQL Injection vulnerability.
2013-09-27 10:35:59 -05:00
Michael McCabe 16d1150375 adding basic tests for user model, more to come 2013-09-06 15:55:08 -04:00
Michael McCabe 69c180e845 minor changes to spec_helper and user model 2013-09-06 15:54:06 -04:00
cktricky 2a4a7a5440 that was painful but managed to install gauntlt. Turns out you need to revert to minitest 4 (not 5, for the love of humanity, not 5). Also, added rspec (not sure that did anything). Lastly, aruba and gauntlt. So, we now have a dir explicitly for attack files. 2013-08-08 14:04:52 -04:00