Difference between revisions of "OWASP Rails Goat Project"

From OWASP
Jump to: navigation, search
Line 14: Line 14:
  
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]
 +
 +
 +
{{Railsgoat Info
 +
| project_name = Railsgoat
 +
| project_home_page = http://railsgoat.cktricky.com
 +
| project_description = Free training tool, vulnerable version of Ruby on Rails with Tutorials
 +
| project_license = MIT
 +
| leader_name[1-10] = Ken Johnson, Mike McCabe
 +
| leader_email[1-10] = ken.johnson@owasp.org, mike.mccabe@owasp.org
 +
}}

Revision as of 17:02, 24 August 2014

[edit]

Railsgoat is a vulnerable version of the Ruby on Rails Framework and includes vulnerabilities from the OWASP Top 10, as well as some "extras" the initial project contributors felt worthwhile to share. This project is designed to educate both developers as well as security professionals. More information can be found at the "Unofficial" project site, listed below.

The unofficial but maintained project page which includes tutorials, getting started, FAQ, etc. RailsGoat Unofficial Homepage

OWASP Project Header.jpg

OWASP Railsgoat Project

This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each.

Introduction

Ruby on Rails is an incredibly popular web development framework. There are security concerns whether it be configuration related or language specific, developer-introduced vulnerabilities. Railsgoat comes pre-packaged with a tutorial section that covers the description of an issue, where the code flaw exists within the application, solution (for attack and prevention/mitigation), as well as a hint for those that would like to try and find the vulnerabilities themselves.

Additionally, Railsgoat contains Unit-Tests that demonstrate the basics of writing security-based Unit-Tests.

Description

Licensing

OWASP Railsgoat is free to use. It is licensed under the MIT license.

Project Leader

Ken Johnson & Mike McCabe

Quick Download


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg


Volunteers

NodeGoat is developed by a worldwide team of volunteers. The contributors to date have been:

  • Ken Johnson
  • Mike McCabe
  • Al Snow
  • James Espinosa

Others

Road Map

https://github.com/OWASP/railsgoat/issues

Getting Involved

Submit GitHub Pull Requests to add code. Submit Issues to make feature requests.

To contribute, or to know more, contact at ken (DOT) johnson (AT) owasp (DOT) org

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Railsgoat Project (home page)
Purpose: This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each.
License: MIT License
who is working on this project?
Project Leader(s):
  • Ken Johnson @
  • Mike McCabe @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Ken Johnson @ to contribute to this project
  • Contact Ken Johnson @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
https://github.com/OWASP/railsgoat
last reviewed release
Not Yet Reviewed


other releases


From the Unofficial project page

The idea is simple. Free training for both developers and security professionals. All of it specific to the Ruby on Rails framework.Template:Railsgoat Info