Railsgoat and Ruby on Rails Security
The Open Web Application Security Project, or "OWASP", is a non-profit organization dedicated to open-source efforts that improve the security of applications, whether web, mobile, or other. We have contributed tutorial-driven, purposefully vulnerable applications to OWASP in an effort to further educate software developers. Simply put, we wanted to give away free, high-quality training, and OWASP is a great medium for doing so.
Our latest contribution is named Railsgoat; details (installation, background, etc.) can be found at the Unofficial Project Page and the OWASP Official Wiki Page. The purpose of this application is to provide Rails-focused security professionals and software developers with a training tool that helps the user find, attack, and fix vulnerabilities on the Ruby on Rails platform.
Highlights of the application:
- Vulnerabilities driven by the OWASP Top 10 (2010)
- Ruby on Rails specific vulnerabilities
- Semi-realistic, scalable HR application
- Choose your own adventure style of training
- Rails Framework v3.2
- Code Flaw and Remediation Examples
On the Roadmap:
- A version developed in Rails 4.x
- OWASP Top 10 - 2013
- More functionality and more bugs
- Tutorials on running in an AWS or Heroku environment
- Virtual Machine
We hope you find this project useful. All feature requests or bug submissions can be posted via the GitHub site.
~nVisium Security Team