Difference between revisions of "Projects/OWASP Rails Goat Project"
Ken johnson (→Description: Changed some links and removed nodegoat) (Tag: Visual edit)
(One intermediate revision by the same user not shown)
Line 1: | Line 1: | ||
+ | =Main= | ||
+ | |||
+ | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div> | ||
+ | |||
+ | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
+ | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | ==OWASP Railsgoat Project== | ||
+ | |||
+ | This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each. | ||
+ | |||
+ | ==Introduction== | ||
+ | |||
+ | Ruby on Rails is an incredibly popular web development framework. There are security concerns whether it be configuration related or language specific, developer-introduced vulnerabilities. Railsgoat comes pre-packaged with a tutorial section that covers the description of an issue, where the code flaw exists within the application, solution (for attack and prevention/mitigation), as well as a hint for those that would like to try and find the vulnerabilities themselves. | ||
+ | |||
+ | Additionally, Railsgoat contains Unit-Tests that demonstrate the basics of writing security-based Unit-Tests. | ||
+ | |||
+ | ==Description== | ||
+ | |||
+ | * Project README: https://github.com/OWASP/railsgoat/blob/master/README.md | ||
+ | * Project Wiki: [https://github.com/OWASP/railsgoat/wiki http://railsgoat.cktricky.com] | ||
+ | * Source code: https://github.com/OWASP/railsgoat | ||
+ | |||
+ | ==Licensing== | ||
+ | OWASP Railsgoat is free to use. It is licensed under the MIT license. | ||
+ | |||
+ | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | == Project Leader == | ||
+ | |||
+ | Ken Johnson & Mike McCabe | ||
+ | |||
+ | == Quick Download == | ||
+ | |||
+ | * https://github.com/OWASP/railsgoat | ||
+ | |||
+ | |||
+ | ==Classifications== | ||
+ | |||
+ | {| width="200" cellpadding="2" | ||
+ | |- | ||
+ | | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]] | ||
+ | | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]] | ||
+ | |- | ||
+ | | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
+ | |- | ||
+ | | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]] | ||
+ | |} | ||
+ | |||
+ | |} | ||
+ | |||
+ | = Acknowledgements = | ||
+ | ==Volunteers== | ||
+ | Railsgoat is developed by a worldwide team of volunteers. The contributors to date have been: | ||
+ | |||
+ | * Ken Johnson | ||
+ | * Mike McCabe | ||
+ | * Al Snow | ||
+ | * Joseph Mastey | ||
+ | ==Others== | ||
+ | |||
+ | |||
+ | = Road Map and Getting Involved = | ||
+ | |||
+ | ==Road Map== | ||
+ | |||
+ | https://github.com/OWASP/railsgoat/issues | ||
+ | |||
+ | ==Getting Involved== | ||
+ | |||
+ | Submit GitHub Pull Requests to add code. Submit Issues to make feature requests. | ||
+ | |||
+ | To contribute, or to know more, contact at ken (DOT) johnson (AT) owasp (DOT) org | ||
+ | |||
+ | =FAQs= | ||
+ | |||
+ | =Project About= | ||
{{Template:Project About | {{Template:Project About | ||
− | | project_name =OWASP | + | | project_name =OWASP Railsgoat Project |
− | | project_home_page =OWASP | + | | project_home_page =OWASP Railsgoat Project |
− | | project_description =This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each. | + | | project_description = This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each. |
− | | project_license = | + | | project_license = MIT License |
| leader_name1 =Ken Johnson | | leader_name1 =Ken Johnson | ||
− | | leader_email1 = | + | | leader_email1 =ken.johnson@owasp.org |
− | | | + | | leader_name2 =Mike McCabe |
− | | | + | | leader_email2 =mike.mccabe@owasp.org |
}} | }} | ||
+ | |||
+ | |||
+ | __NOTOC__ <headertabs /> | ||
+ | |||
+ | [[Category:OWASP Project]] | ||
+ | [[Category:OWASP_Builders]] | ||
+ | [[Category:OWASP_Defenders]] | ||
+ | [[Category:OWASP_Document]] |
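Review bot: The Project Wiki entry in the Description list labels its link with http://railsgoat.cktricky.com while the target is https://github.com/OWASP/railsgoat/wiki; a label that reads as one URL and resolves to another misleads readers, so use a plain label such as "Project Wiki" or show the GitHub URL itself. In the header div, the style attribute has border:0,margin:0; with a comma where a semicolon belongs, so the margin declaration will not be applied as intended. The Getting Involved text obfuscates the contact address while the Project About template adds leader_email1 and leader_email2 in plain form; pick one convention for both places.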
Latest revision as of 17:04, 22 February 2018
OWASP Railsgoat Project
This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each.
Introduction
Ruby on Rails is an incredibly popular web development framework. There are security concerns whether it be configuration related or language specific, developer-introduced vulnerabilities. Railsgoat comes pre-packaged with a tutorial section that covers the description of an issue, where the code flaw exists within the application, solution (for attack and prevention/mitigation), as well as a hint for those that would like to try and find the vulnerabilities themselves.
Additionally, Railsgoat contains Unit-Tests that demonstrate the basics of writing security-based Unit-Tests.
Description
Licensing
OWASP Railsgoat is free to use. It is licensed under the MIT license.
Project Leader
Ken Johnson & Mike McCabe
Quick Download
Classifications
Volunteers
Railsgoat is developed by a worldwide team of volunteers. The contributors to date have been:
- Ken Johnson
- Mike McCabe
- Al Snow
- Joseph Mastey
Others
Road Map
https://github.com/OWASP/railsgoat/issues
Getting Involved
Submit GitHub Pull Requests to add code. Submit Issues to make feature requests.
To contribute, or to know more, contact at ken (DOT) johnson (AT) owasp (DOT) org