websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

Re: [WEB SECURITY] Ruby vulnerable project needed

M
MustLive
Fri, Apr 29, 2011 8:55 PM

Hello Josh!

Concerning your learning of Ruby's vulnerabilities, I can suggest that you
look at web applications in Ruby (popular or not so popular) and find holes
in real webapps. With this you'll gain experience in finding holes in web
applications in Ruby, and you can also inform the developers about them and so
help them to improve the security of their web applications.

> One thing I really want is a "Ruby-Webgoat" :) - any project (set of
> projects?) that has many vulnerabilities

Better to work with real web applications. My position concerning synthetic
software I already described in 2009 on the WASC Mailing List. Or, if you can't
find such webapps or there are other reasons for not testing on localhost,
then you can search for vulnerabilities at real sites in Ruby - that is, search
for holes in Ruby webapps in a real environment. About the legality of such
research I spoke in the same above-mentioned discussion in 2009 on this
list. Based on my two posts on this subject I've written my article "Hacking
of web sites, security researches, disclosure and legislation"
(http://websecurity.com.ua/articles/security_researches_and_legislation/eng/).

So without doubt you'll find web applications in Ruby to check for
vulnerabilities ;-) - for all those vulnerability classes which can be found in
Ruby (and that's a lot of WASC TC v.2.0).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Joshua Lang joshulang at gmail.com
Thu Apr 14 19:42:08 EDT 2011

Hello security people,

I'm in the process of learning Ruby's vulnerabilities, and was wondering how
to advance.

One thing I really want is a "Ruby-Webgoat" :) - any project (set of
projects?) that has many vulnerabilities (either well-documented, which is
much preferable, or even something non-documented). I mean all the standard
things - XSS, SQL Injection, XSRF... whatever can be found in Ruby.

Also, if there are any other good resources for vulnerabilities in Ruby, and
mainly for Ruby-specific vulnerabilities (are there any of these?), I'd be
more than happy to get the relevant links (list of potential programming
vulnerabilities, how-to, small examples...)

Thanks a lot in advance,
~josh~
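An added example, not from either poster, of the kind of small Ruby snippet Josh asks for above: each pair shows a vulnerable form beside its fix, covering one of the "standard things" (XSS) and two pitfalls that are specific to Ruby. It uses only the standard library and assumes a plain ERB template rather than Rails (which escapes `<%= %>` output by default from 3.0 on); the sample attacker input is constructed for the demonstration.

```ruby
require 'erb'
require 'cgi'

# Constructed sample input: a display name the attacker controls.
EVIL_NAME = %q{<script>alert(1)</script>}

# 1. XSS in plain ERB: <%= %> inserts the raw value. Plain ERB (unlike Rails 3+)
#    does no output escaping, so the fix is an explicit CGI.escapeHTML.
VULN_GREETING = ERB.new("<p>Hello, <%= name %></p>")
SAFE_GREETING = ERB.new("<p>Hello, <%= CGI.escapeHTML(name) %></p>")

def render_greeting(template, name)
  template.result_with_hash(name: name)
end

# 2. Ruby-specific anchoring bug: in Ruby regexes ^ and $ match at line
#    boundaries, so a multi-line value slips through a "whole string" check.
#    \A and \z anchor to the start and end of the whole string.
USERNAME_WEAK   = /^[a-z0-9_]+$/
USERNAME_STRICT = /\A[a-z0-9_]+\z/

def valid_username?(pattern, value)
  !(value =~ pattern).nil?
end

# 3. Ruby-specific command injection: Kernel#open treats a leading "|" as a
#    command to run through the shell, so open(user_path) executes attacker
#    input. File.open only ever opens files. (Ruby 3.3 warns about the pipe
#    form of Kernel#open and it is slated for removal in Ruby 4.)
def read_file_unsafe(path)
  open(path, &:read)
end

def read_file_safe(path)
  File.open(path, &:read)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable ERB:  #{render_greeting(VULN_GREETING, EVIL_NAME)}"
  puts "escaped ERB:     #{render_greeting(SAFE_GREETING, EVIL_NAME)}"

  tainted = "alice\n<script>"
  puts "^...$ accepts #{tainted.inspect}: #{valid_username?(USERNAME_WEAK, tainted)}"
  puts "\\A...\\z accepts it:            #{valid_username?(USERNAME_STRICT, tainted)}"

  begin
    puts "Kernel#open('|echo pwned') => #{read_file_unsafe('|echo pwned').inspect}"
  rescue StandardError => e
    puts "Kernel#open pipe form refused on this Ruby: #{e.class}"
  end
  begin
    read_file_safe('|echo pwned')
  rescue Errno::ENOENT => e
    puts "File.open('|echo pwned') => #{e.class} (no command run)"
  end
end
```

The regex case is the one most often missed in code review: a validation that looks airtight passes any value whose first line is clean, which matters whenever the checked string later lands in HTML, a shell argument, or a header.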
