team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
652 Commits 1 Branch 0 Tags
b2c8e6cf8dbbaf33b548b62aba99aa9512322da9
Commit Graph

73 Commits

Author SHA1 Message Date
Mike McCabe b2c8e6cf8d Merge branch 'master' of github.com:OWASP/railsgoat 2015-02-23 21:30:37 -05:00
Mike McCabe 1eee953f62 adding render vuln 2015-02-23 20:36:53 -05:00
cktricky 907045488d this change allows the app to get the csrf fixes working when running rake training 2015-01-09 11:40:37 -05:00
cktricky 88ed0e2b50 need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln 2014-07-29 17:56:33 -05:00
James Espinosa 561e404e29 Fixes #142 with dynamic ActionMailer url options 2014-07-25 23:04:19 -05:00
cktricky 2a12765933 slight change to make our cookie even more insecure 2014-06-27 12:05:50 -04:00
cktricky 8595954096 removed alert when an error is thrown 2014-05-26 16:58:26 -04:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
Mike McCabe fceeb94b05 adding mysql env to bundler require 2014-04-17 23:08:55 -04:00
Mike McCabe c0ea2c87a5 adding mysql environment for mysql sql injection tests 2014-04-17 23:03:46 -04:00
Mike McCabe 6975f94381 adding routes. catching nulls 2014-04-17 20:18:39 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 0a647cbbe6 this appears to fix the issue of our test cases breaking. I had specified that if the rails env was a dev env, the key would be a certain value. Instead, it has been changed to any env other than prod 2014-03-14 16:53:44 -04:00
cktricky 7823eadf3c first round of tests look okay, now we can re-use this function :-) 2014-03-14 16:32:44 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky 95eb5a56fd added vulnerable auth check for the API 2014-03-12 15:40:12 -04:00
cktricky 932d2304f9 okay first run at making an API for railsgoat 2014-03-12 12:38:41 -04:00
Mike McCabe abe22b19e9 adding password rest method and changing some logic around 2013-12-11 22:25:02 -05:00
mccabe615 8eb398950f Merge pull request #76 from jamesejr/feature/user_mailer 
Implement Forgot Password Feature
 2013-12-11 09:19:42 -08:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 1a3d6d690c Update SMTP settings for Mailcatcher 2013-12-03 21:16:44 -06:00
Al Snow 5cd7a1b9cb Got rid of i18n warning; Rebuilt Gemfile.lock file 2013-12-03 20:35:04 -05:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
James Espinosa 93d7c2bd44 Add mailtrap.io SMTP settings 2013-11-24 23:57:52 -06:00
Mike McCabe c7515af6ab adding basic forgot password controller and views 2013-11-23 16:04:48 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky 447c408699 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-13 18:24:33 -05:00
cktricky efcb7b8c4b working on encryption 2013-11-13 18:24:26 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 9cbdbf01e5 should fix conflicts 2013-11-13 12:19:33 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe e077ad6815 fixing escaping entities 2013-11-12 19:20:42 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
Mike McCabe 108c8d2e2a turning off whitelisting and entities encoding 2013-11-12 16:11:30 -05:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
Mike McCabe 8686f6b9d3 adding messages mvc to allow users to send messages. 2013-10-11 16:03:37 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson 8f1ee5ccbe trying this 2013-06-01 01:09:01 -04:00