Merge pull request #489 from OWASP/fix/readme-wiki-vulnerabilities
Replace vulnerability list with link to wiki as source of truth
@@ -14,21 +14,9 @@ RailsGoat is an intentionally insecure Rails application designed to teach web a
## Vulnerabilities Included
## Vulnerabilities Included
RailsGoat includes examples of these security issues:
RailsGoat demonstrates real-world security vulnerabilities from the OWASP Top 10, including SQL injection, cross-site scripting (XSS), authentication issues, insecure direct object references, and more.
- **SQL Injection** - Unsafe database queries
For a complete list of vulnerabilities with detailed explanations and tutorials, visit the [RailsGoat Wiki](https://github.com/OWASP/railsgoat/wiki).
- **Cross-Site Scripting (XSS)** - Unescaped user input
- **Cross-Site Request Forgery (CSRF)** - Missing request validation
- **Insecure Direct Object Reference** - Unauthorized data access
- **Mass Assignment** - Unprotected model attributes
- **Authentication Issues** - Weak login mechanisms
- **Sensitive Data Exposure** - Cleartext storage of SSNs and weak password hashing
- **Missing Access Controls** - Unauthorized admin access
- **Command Injection** - Unsafe system command execution
- **Unvalidated Redirects** - Open redirect vulnerabilities
- **Password Complexity Issues** - Insufficient password requirements
Each vulnerability includes a failing test that demonstrates the security flaw and a wiki tutorial explaining the attack and remediation.
## Quick Start
## Quick Start
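Review bot: the removed closing sentence, "Each vulnerability includes a failing test that demonstrates the security flaw and a wiki tutorial explaining the attack and remediation.", states something the replacement paragraphs do not (that the repository ships a failing test per vulnerability, which is how a learner is expected to work through the app), and nothing in the new text points readers to those tests; keep that sentence after the wiki link rather than dropping it with the list. The replacement also collapses the explicit list (CSRF, mass assignment, command injection, unvalidated redirects, missing access controls, cleartext SSNs and weak password hashing, password complexity) into "and more", so the README now depends entirely on the external wiki for the set of issues covered; if the wiki is meant to be the single source of truth that is a reasonable trade, but the first paragraph should then not pin the scope to "the OWASP Top 10", since the list being deleted is the only place the README said what is actually implemented. Suggest: "RailsGoat demonstrates real-world web application vulnerabilities, including OWASP Top 10 categories such as SQL injection, ...".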