OWASP Rails Goat Project


RailsGoat is a vulnerable application built on the Ruby on Rails framework. It includes vulnerabilities from the OWASP Top 10, as well as some "extras" the initial project contributors felt were worthwhile to share. This project is designed to educate both developers and security professionals. More information can be found at the "Unofficial" project site, listed below.

The unofficial but maintained project page, which includes tutorials, a getting-started guide, an FAQ, etc.: RailsGoat Unofficial Homepage

Project About

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Rails Goat Project (home page)
Purpose: This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest in a Rails-specific way, and to provide the mitigations for each.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Ken Johnson @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ken Johnson @ to contribute to this project
  • Contact Ken Johnson @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases

From the Unofficial project page

The idea is simple. Free training for both developers and security professionals. All of it specific to the Ruby on Rails framework.