Railsgoat


A deliberately vulnerable Ruby on Rails application that follows the OWASP Top 10

Overview

RailsGoat is a deliberately vulnerable web application built on Ruby on Rails, designed to educate developers and security professionals. The framework itself is unmodified; the vulnerabilities live in the application's own code. They cover the OWASP Top 10 as well as further weaknesses the project contributors consider significant. The aim is hands-on practice in finding and fixing security vulnerabilities in web applications built on Ruby on Rails.

Features

  • OWASP Top 10 Vulnerabilities: Deliberately seeded instances of the vulnerability classes in the OWASP Top 10, for training purposes.
  • Support and Troubleshooting: Help with setup questions or problems is available through the OWASP Slack channel.
  • Docker Installation: RailsGoat can be set up and run with Docker and Docker Compose, so Ruby, Rails and the database do not have to be installed on the host.
  • Capybara Tests: A set of Capybara RSpec specs, each representing a distinct vulnerability, that fail against the unmodified application and pass once the corresponding vulnerability has been fixed, so they double as a progress check.
  • MySQL Environment: Instructions for running RailsGoat against MySQL, so the SQL injection exercises can be worked against a real MySQL backend.
  • Email Processing: A guide to running MailCatcher, a local SMTP server that captures outgoing mail and shows it in a web interface, so email sent by RailsGoat can be inspected without a real mail server.
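The SQL injection exercises mentioned above come down to one pattern: request input interpolated into a SQL string versus the same value bound as a parameter. The following Ruby is an added illustration of that pattern, not RailsGoat's own code: Rails is not loaded, the `users` table, `email` column and attacker payload are constructed for the example, and the `quote_literal` helper stands in for the quoting a driver applies to bound values (it follows MySQL's default sql_mode, where a doubled quote and a backslash escape are both valid). A minimal SQL lexer, `literal_count`, shows how the injected input changes the statement's structure while the bound value cannot.

```ruby
# Added illustration of the SQL injection pattern a MySQL-backed RailsGoat lets
# you exercise; this is not RailsGoat's own code. Rails is not loaded here:
# the table, column and payload are constructed for the example, and
# quote_literal stands in for the quoting a driver applies to bound values.

# Vulnerable shape: request input interpolated into the SQL string, the
# equivalent of User.where("email = '#{params[:email]}'") in a controller.
def vulnerable_where(email)
  "SELECT * FROM users WHERE email = '#{email}'"
end

# Quote a value as a SQL string literal the way a driver does under MySQL's
# default sql_mode: escape backslashes and double every single quote.
def quote_literal(value)
  escaped = value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" }
  "'#{escaped}'"
end

# Hardened shape: the value is bound as data, the equivalent of
# User.where("email = ?", params[:email]). Whatever the input contains, it
# cannot close the literal or append clauses.
def safe_where(email)
  "SELECT * FROM users WHERE email = #{quote_literal(email)}"
end

# Constructed attacker input: closes the open literal and adds a tautology.
PAYLOAD = "' OR '1'='1"

# Count the string literals in a statement with a minimal SQL lexer that
# treats a doubled quote inside a literal as an escaped quote. A bound
# parameter always contributes exactly one literal; an injected payload that
# changes the statement's structure changes the count.
def literal_count(sql)
  count = 0
  i = 0
  while i < sql.length
    if sql[i] != "'"
      i += 1
      next
    end
    count += 1
    i += 1
    loop do
      raise ArgumentError, "unterminated string literal" if i >= sql.length
      if sql[i] != "'"
        i += 1
      elsif sql[i + 1] == "'"
        i += 2 # doubled quote: still inside the literal
      else
        i += 1 # closing quote
        break
      end
    end
  end
  count
end

# True when the input altered the statement's structure relative to a benign
# value, which is the signature of a successful injection.
def injected?(builder, input, benign = "alice@example.com")
  literal_count(builder.call(input)) != literal_count(builder.call(benign))
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_where(PAYLOAD)
  puts safe_where(PAYLOAD)
  puts "interpolation injectable: #{injected?(method(:vulnerable_where), PAYLOAD)}"
  puts "placeholder injectable:   #{injected?(method(:safe_where), PAYLOAD)}"
end
```

Running the file prints the two statements side by side: the interpolated one now carries three string literals and an `OR '1'='1'` clause, while the bound one still contains a single literal whose contents happen to include quotes. In a real Rails controller the fix is the same as in `safe_where`: pass the value as a placeholder argument to `where` (or use the hash form `User.where(email: params[:email])`) rather than building the string yourself.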
Ruby on Rails

Ruby on Rails, often referred to as Rails, is an open-source web application framework written in Ruby. Known for its convention over configuration and don't repeat yourself (DRY) principles, Rails simplifies and accelerates the development of database-backed web applications.