refer to Rails 5 wiki (to be created)

spec/vulnerabilities/csrf_spec.rb

@@ -7,7 +7,7 @@ feature 'csrf' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF", :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF", :js => true do
     visit '/'
     # TODO: is there a way to get this without visiting root first?
     base_url = current_url

spec/vulnerabilities/mass_assignment_spec.rb

@@ -21,7 +21,7 @@ feature 'mass assignment' do
     expect(@normal_user.reload.admin).to be_truthy
   end
 
-  scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role' do
+  scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role' do
     params = {:user => {:admin => 't',
                         :email => 'hackety@h4x0rs.c0m',
                         :first_name => 'hackety',

spec/vulnerabilities/sql_injection_spec.rb

@@ -7,7 +7,7 @@ feature 'sql injection' do
     @admin_user = User.where("admin='t'").first
   end
 
-  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R5-A1-SQL-Injection-Concatentation" do
     expect(@admin_user.admin).to be_truthy
 
     login(@normal_user)