team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
447 Commits 1 Branch 0 Tags
ed73ab47e7b9780e6b818f684d5fc43a17bf0765
Commit Graph

78 Commits

Author SHA1 Message Date
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 7823eadf3c first round of tests look okay, now we can re-use this function :-) 2014-03-14 16:32:44 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky d0e825fc17 making sure this is up to date 2014-03-14 14:00:51 -04:00
cktricky 48ddc99955 some basic api functionality with a few gotchas 2014-03-12 17:45:08 -04:00
relotnek 4e6006dcc8 added before_create generate token to user model 2014-03-11 20:29:43 -04:00
relotnek e7c30151d4 added token to users model and generate token method to users controller 2014-03-11 20:28:15 -04:00
ecneladis 84fd9503ca Removed duplicated code from exemplary validations for password 2014-03-06 19:40:33 +01:00
cktricky b84c8d4cc7 finished write-up for broken auth 2013-11-14 10:47:27 -05:00
cktricky b605a42812 got the code kicked off so we can encrypt SSN(s) in the database 2013-11-13 19:51:42 -05:00
cktricky efcb7b8c4b working on encryption 2013-11-13 18:24:26 -05:00
cktricky d9956caec1 removed orig file 2013-11-13 14:18:25 -05:00
cktricky 665ccb2167 removed orig file and also began encryption related stuff for ssn(s) 2013-11-13 14:01:29 -05:00
cktricky 14bff998dd Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-11-12 16:07:23 -05:00
cktricky 86035a1cbd appears to have solved the issue with our code printing stderrs 2013-10-27 22:38:38 -04:00
cktricky 11480ac853 tests are working again, I will work on surpressing the errors. Also merged @jasnow work 2013-10-27 21:46:12 -04:00
cktricky 6d1c0c7869 merging 2013-10-27 20:17:52 -04:00
cktricky 7c1d52320a does not fix the error that occurs (as it should, but that we want to obfuscate) when a command is injected into, however, it does pass the build and does not break the entire call 2013-10-23 17:11:28 -05:00
cktricky c6e42901c7 fixing a mistake 2013-10-22 10:38:23 -04:00
cktricky 1817251af5 changes 2013-10-22 10:38:00 -04:00
Mike McCabe 3820b78066 fixing this function that was not explicitly using the params 2013-10-22 10:16:09 -04:00
cktricky b7c3b04c74 this seems to have fixed a nuisance error within our unit-tests. Issue #57 2013-10-22 00:58:48 -04:00
cktricky 753840a276 this seems to have fixed a nuisance error within our unit-tests. Issue #57 2013-10-22 00:57:32 -04:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
Mike McCabe 8c17a3df0e adding messaging function, needs tests... 2013-10-13 21:49:17 -04:00
Mike McCabe 8686f6b9d3 adding messages mvc to allow users to send messages. 2013-10-11 16:03:37 -04:00
Mike McCabe dbd0c2548d making full_name method public 2013-10-11 16:03:37 -04:00
cktricky e2c4fb4bd8 change to the user model based on a merge with master. Master is the correct code 2013-10-11 12:04:19 -04:00
cktricky da061c79b6 intended to remove some of the weirdness when updating a users account. A blank password basically ends up causing the previously existing password to be hashed twice. Probably move to has_secure_password at some point although that may end up screwing up the intent of the particular tutorial item 2013-09-30 13:03:03 -04:00
cktricky ef8a9c1a46 merged with master 2013-09-27 21:55:50 -04:00
chrismo e0bca0139e Added command injection Capybara spec. 2013-09-27 14:59:30 -05:00
cktricky c56dbe54a7 no change really 2013-09-11 10:58:46 -04:00
cktricky aab489ef40 fix for performance bug 2013-09-10 21:58:29 -04:00
cktricky 6f71d7eda7 bug fix w/ the performance section 2013-09-10 21:57:03 -04:00
cktricky d5801f0684 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-09-10 13:31:48 -04:00
Michael McCabe 69c180e845 minor changes to spec_helper and user model 2013-09-06 15:54:06 -04:00
cktricky bc74edf28d lastest work towards the secure_compare tutorial 2013-08-18 20:10:36 -04:00
cktricky 3c7a3fc9e4 still working on the timing attack prevention tutorial 2013-08-18 17:39:13 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky 65eb2caeaf made a suggestion based on digininjas comment on Rails tutorials blog post. Better to change method name to hash_password than encrypt_password 2013-08-08 16:57:58 -04:00
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson ce6f32a1a2 working command injection in fileupload, closes issue #23 2013-07-09 16:36:03 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 0b09e0d4c1 added the primary insecure crypto storage vuln 2013-06-03 12:52:24 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00