[WEB SECURITY] Ruby vulnerable project needed

Stephan Wehner stephanwehner at gmail.com
Fri Apr 29 20:01:34 EDT 2011

On Thu, Apr 14, 2011 at 4:42 PM, Joshua Lang <joshulang at gmail.com> wrote:
> Hello security people,
> I'm in the process of learning Ruby's vulnerabilities, and was wondering how
> to advance.
> One thing I really want is a "Ruby-Webgoat" :) - any project (set of
> projects?) that has many vulnerabilities (either well-documented, which is
> much preferable), or even something non-documented. I mean all the standard
> things - XSS, SQL Injection, XSRF... whatever can be found in Ruby.

This Ruby-on-Rails project is pretty ambitious, and probably
worthwhile to support with respect to closing security holes:


An article about its security appeared this week at
I think it doesn't reflect the current state of the code,
security-wise, not sure.


> Also, if there are any other good resources for vulnerabilities in Ruby, and
> mainly for Ruby-specific vulnerabilities (are there any of these?), I'd be
> more than happy to get the relevant links (list of potential programming
> vulnerabilities, how-to, small examples...)
> Thanks a lot in advance,
> ~josh~

Stephan Wehner

-> http://stephan.sugarmotor.org (blog and homepage)
-> http://loggingit.com
-> http://www.thrackle.org
-> http://www.buckmaster.ca
-> http://www.trafficlife.com
-> http://stephansmap.org -- http://blog.stephansmap.org
-> http://twitter.com/stephanwehner / @stephanwehner
