team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
659 Commits 1 Branch 0 Tags
f8c771a84bacc76227c465ee5518df34d6425ff2
Commit Graph

59 Commits

Author SHA1 Message Date
cktricky 50a9fee280 still experimenting with the flow 2015-01-07 09:34:53 -05:00
cktricky 09ba2b3270 going to dynamically load the tutorial page depending on the route folks decide to take 2015-01-06 19:43:23 -05:00
cktricky c1e5a8684a changing the home page 2015-01-06 17:59:06 -05:00
cktricky 0242907ce6 starting from scratch on how to get started 2015-01-06 16:55:16 -05:00
cktricky d6f5d38f77 removing the send tutorial for now 2014-10-23 16:41:54 -05:00
cktricky ef2bc20c97 working on the httponly tutorial 2014-09-11 11:01:56 -04:00
cktricky 286e89ea36 removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go 2014-08-19 12:32:19 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
cktricky 2f5dbb7d82 Merge branch 'metaprogramming' 2014-05-22 15:39:39 -06:00
cktricky 7acc17aea3 everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?) 2014-05-22 10:56:29 -06:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky e49b43f899 added the verbose model attributes finding under the exposure section within the tutorials 2014-03-12 20:28:59 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
cktricky 64f2ad9f9e very minor sidebar change 2013-10-14 08:46:21 -04:00
cktricky f9bbbe0a54 oops 2013-10-14 08:44:09 -04:00
cktricky 6897996394 merged 2013-10-14 08:42:27 -04:00
cktricky 940181f397 merged some content 2013-10-14 08:39:20 -04:00
cktricky d2bc7d740a minor fix 2013-10-14 08:36:52 -04:00
cktricky 979b6a229a working on avoiding timing attacks piece 2013-08-17 21:27:33 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
Ken Johnson 82b5809bee almost finished with the write-up for the command injection vulnerability 2013-07-10 11:41:36 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson e483f1b2cd cleaned up the tutorial home page 2013-05-30 17:05:48 -04:00
Ken Johnson 31ce6ab1b5 test 2013-05-24 13:19:44 -04:00
Ken Johnson 9e92619294 refactored remaining tutorials 2013-05-23 17:12:39 -04:00
Ken Johnson 65dc8369e9 refactored url access and misconfig 2013-05-23 17:08:35 -04:00
Ken Johnson 958de07b4a refactored insecure dor 2013-05-23 17:01:43 -04:00
Ken Johnson 4b8b2243c3 refactored xss 2013-05-23 16:59:36 -04:00
Ken Johnson b280d84955 refactored injection 2013-05-23 16:57:18 -04:00
Ken Johnson 51aa8701f2 refactoring tutorial instances into partials for extensibility 2013-05-23 16:55:27 -04:00
Ken Johnson f674a57440 awesome. now we show code snippets in a much better way. Peeps who add to the tutorials will need to enclose code w/ <pre class="ruby></pre> 2013-05-23 15:18:39 -04:00
Ken Johnson a877e93780 abstracted out tutorial as I start writing these up, otherwise the html is going to get incredibly cluttered 2013-05-22 13:26:00 -04:00
Ken Johnson 10956ed316 unded fix position on sidebar because I realized you cannot see the entire thing even if you scroll down :-( 2013-05-10 12:08:41 -04:00
Ken Johnson 16729c3be6 adding material to the tutorial "home" page 2013-05-09 19:18:43 -04:00
Ken Johnson 648af6a4c8 added a hint dropdown to every tutorial section 2013-05-09 17:59:11 -04:00