OWASP Rails Goat Project
A vulnerable version of Rails that includes vulnerabilities from the OWASP Top 10.
Unofficial but maintained project page which includes tutorials, getting started, FAQ, etc. 
NodeGoat is developed by a worldwide team of volunteers. The contributors to date have been:
- Ken Johnson
- Mike McCabe
- Al Snow
- James Espinosa
Submit GitHub Pull Requests to add code. Submit Issues to make feature requests.
To contribute, or to know more, contact at ken (DOT) johnson (AT) owasp (DOT) org
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
From the Unofficial project page
The idea is simple. Free training for both developers and security professionals. All of it specific to the Ruby on Rails framework.