team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
190 Commits 1 Branch 0 Tags
c10b6be50478b2988d27ad9ccdca823aeb7c8bfb
Commit Graph

151 Commits

Author SHA1 Message Date
cktricky c56dbe54a7 no change really 2013-09-11 10:58:46 -04:00
cktricky 6f71d7eda7 bug fix w/ the performance section 2013-09-10 21:57:03 -04:00
cktricky d5801f0684 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-09-10 13:31:48 -04:00
Michael McCabe 69c180e845 minor changes to spec_helper and user model 2013-09-06 15:54:06 -04:00
cktricky 17e082a63e I believe the secure_compare tutorial is complete 2013-08-18 20:46:40 -04:00
cktricky 5b6b88a4ba fixed broken auth numbering and also the incorrect accordion labels within insecure_compare 2013-08-18 20:18:33 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 3c7a3fc9e4 still working on the timing attack prevention tutorial 2013-08-18 17:39:13 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
cktricky 077e45c819 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-08-08 16:59:14 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
cktricky 66445167bd shifting tutorials 2013-07-28 19:59:03 -04:00
cktricky f67bd0f5ed correct naming within the command injection tutorial 2013-07-28 19:44:51 -04:00
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson ce6f32a1a2 working command injection in fileupload, closes issue #23 2013-07-09 16:36:03 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson 1a79471ef8 trying to fix a bug where you have to click twice on the tutorial credentials button 2013-06-20 11:28:29 -04:00
Ken Johnson 2e052828a6 taskbar / active enhancement 2013-06-16 00:49:28 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson 56381fe318 fixed issue #25 2013-06-10 15:27:21 -04:00
Ken Johnson 5ea8006fc1 closes issue #22 2013-06-07 09:05:11 -04:00
Ken Johnson 39d2e9d79f finished CSRF/AJAX, closes issue #21 2013-06-06 22:40:52 -04:00
Ken Johnson d445e59a98 this fixes issue #20, seriously, no clue how I missed the missing constantize code 2013-06-06 16:43:58 -04:00
Ken Johnson 9d42453b05 removed pesky files 2013-06-04 16:00:30 -04:00
Ken Johnson bdf3f20955 added a license 2013-06-04 14:17:12 -04:00
Ken Johnson b76283910c holding off on the last issue until i confirm whether or not oreoshake can cover secure headers here 2013-06-04 14:06:10 -04:00
Ken Johnson bb2985018d closes issue #7 2013-06-04 13:59:41 -04:00
Ken Johnson 089e9540ac finished admin filter and write-up for issue #6 2013-06-04 11:49:59 -04:00
Ken Johnson b0ace5ebef added write-up for issue #8 2013-06-04 11:24:39 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 0b09e0d4c1 added the primary insecure crypto storage vuln 2013-06-03 12:52:24 -04:00
Ken Johnson 6d5623a423 changed SQLi vuln location, did write-up, closes issue #1 2013-06-03 12:31:34 -04:00
Ken Johnson 6528b56de6 added a sql injection vulnerability 2013-06-03 02:19:36 -04:00
Ken Johnson 2ac771ca50 Issue #3 can be closed, write-up and vuln complete for A4 2013-06-03 01:54:07 -04:00
Ken Johnson 14251e6f39 added Insecure dor vuln 2013-06-03 01:29:16 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 88ea613da6 okay, write-up finished 2013-06-02 23:32:37 -04:00
Ken Johnson 86695e9e07 removed excess commented code 2013-06-02 22:42:50 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson 1267661c6a seems the signup bug has been fixed, I would close this for now 2013-06-01 19:49:01 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson 38fcc263bd update account is now an ajax call 2013-05-31 22:10:32 -04:00
Ken Johnson 417aca2078 keeping changes up to date 2013-05-31 19:55:49 -04:00