RAILSGOAT
KEN JOHNSON
OWASP ATLANTA - JUNE 20, 2013
WHO AM I?
• Really, a question we all face. amiright?
• @cktricky on “the twitters”
• Ginger
• I have many leather-bound books
RAILSGOAT INTRO
• Purposefully Vulnerable Rails Application (necessary to specify “purposefully”)
• Aligns with the OWASP Top 10 2010
• Built for realism
WHY YOU SHOULD USE IT?
Q: Pretty, Nice, and Made of spice?
A: Absolutely
WHY YOU SHOULD USE IT?
• Great learning tool
• Tweak-able (not tweaker, that’s a different group)
• Built to scale
• Come on people, it’s Ruby!!!
OKAY, SO HOW DO I GET STARTED?
• Visit the homepage: http://railsgoat.cktricky.com
• Follow installation instructions
• Hack all the things
SUPPORT WINDOWS?
I’m not even sure Windows supports Windows
WHERE IS THE CODE HOSTED?
GitHub, because I <3 GitHub
ROADMAP
No, we aren’t “winging it”, I swear
The Roadmap is in the form of GitHub “Issues”.
Important additions
• Rails 4
• OWASP Top 10, 2013
• More features, more pwnage
CONTRIBUTIONS
• You earn one million kencoins (like bitcoins except worthless. Actually…..exactly like bitcoins).
• Statues will be built in your honor
• Good luck with the paparazzi
• fork/commit/push/pull-request
CAN I SEE IT?
Only if you have 1 billion kencoins!!!
THANKS
You are awesome, slap your hands together repeatedly for yourself.
• Twitter - @cktricky
• Blogs –
  • carnal0wnage.attackresearch.com
  • blog.nvisium.com
  • cktricky.com (In progress. Very, very slow progress)
OWASP Railsgoat Vulnerable Web App Demo