team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
473 Commits 1 Branch 0 Tags
d4c882a1c7b348b129d0ca8b8113ffd197c2105f
Commit Graph

88 Commits

Author SHA1 Message Date
cktricky d4c882a1c7 Fixes #107. Added some verbiage surrounding the SQL Injection tutorial 2014-04-17 08:09:02 -04:00
cktricky 59946e056c changed motorcross to motocross everywhere that it used. Closes or resolves issue #104 2014-03-26 12:58:48 -04:00
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky c559bd5602 updated tutorial to reflect changes to the correct code listed within the user model 2014-03-09 20:16:54 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
Mike McCabe 4801dc518a fixing two A5 typos 2013-11-14 11:26:31 -05:00
Mike McCabe 3ec9765ca3 small update to A7 2013-11-14 11:24:15 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky b9e2723175 closes issue #30 2013-11-14 10:59:20 -05:00
cktricky edfe5b646e fixed category number and this closes issue #35 2013-11-14 10:52:04 -05:00
cktricky 419a051da9 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-14 10:47:44 -05:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
Mike McCabe e116d8b096 finishing A7 2013-11-14 10:34:35 -05:00
cktricky 890717b7ea write-up complete for exposure 2013-11-14 10:10:58 -05:00
cktricky e764efe1d4 working on A6 tutorial write-up now that the code is working 2013-11-14 09:39:57 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
cktricky 655b636c38 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-12 16:12:49 -05:00
Mike McCabe c06140659c updated description with owasp one 2013-11-12 16:10:38 -05:00
cktricky 14bff998dd Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-11-12 16:07:23 -05:00
Michael McCabe 7833b85837 updating description with owasp 2013 description 2013-11-12 15:24:07 -05:00
Michael McCabe cf1b5dc124 updating description with owasp 2013 description 2013-11-12 13:55:24 -05:00
GSMcNamara 09c0f07d8b Lowercased a letter. 2013-11-07 15:06:05 -05:00
GSMcNamara 7ddec28bcc Removed apostrophe 2013-11-07 15:02:31 -05:00
GSMcNamara 813711d79e Grammar fix. 2013-11-07 14:56:18 -05:00
cktricky 17e082a63e I believe the secure_compare tutorial is complete 2013-08-18 20:46:40 -04:00
cktricky 5b6b88a4ba fixed broken auth numbering and also the incorrect accordion labels within insecure_compare 2013-08-18 20:18:33 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
cktricky 077e45c819 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-08-08 16:59:14 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
cktricky 66445167bd shifting tutorials 2013-07-28 19:59:03 -04:00
cktricky f67bd0f5ed correct naming within the command injection tutorial 2013-07-28 19:44:51 -04:00
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson 1a79471ef8 trying to fix a bug where you have to click twice on the tutorial credentials button 2013-06-20 11:28:29 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson 5ea8006fc1 closes issue #22 2013-06-07 09:05:11 -04:00
Ken Johnson 39d2e9d79f finished CSRF/AJAX, closes issue #21 2013-06-06 22:40:52 -04:00
Ken Johnson d445e59a98 this fixes issue #20, seriously, no clue how I missed the missing constantize code 2013-06-06 16:43:58 -04:00
Ken Johnson bdf3f20955 added a license 2013-06-04 14:17:12 -04:00
Ken Johnson b76283910c holding off on the last issue until i confirm whether or not oreoshake can cover secure headers here 2013-06-04 14:06:10 -04:00
Ken Johnson bb2985018d closes issue #7 2013-06-04 13:59:41 -04:00