Web-app security risks demonstrated

This page summarizes the projects mentioned and recommended in the original post on dev.to

Our great sponsors
  • PopRuby - Clothing and Accessories for Ruby Developers
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • security-risks-demo

    The OWASP (Open Web Application Security Project) Community launches a list of the top 10 biggest internet security-risks every year. This post will cover them and also give a demonstration to each one. All the code for the demonstrations is open source. Feel free to fork and add your own demonstrations!

  • CanCanCan

    The authorization Gem for Ruby on Rails.

    In production code you would most likely use a library for access control, such as CanCanCan

  • PopRuby

    PopRuby: Clothing and Accessories for Ruby Developers. Fashion meets Ruby! Shop our fun Ruby-inspired apparel and accessories designed to celebrate the joy and diversity of the Ruby community.

  • rails-bruter.py

    This vulnerability is concerned with flaws in the login and session handling process, such as allowing brute force or other automated attacks, allowing weak passwords, knowledge based answers for password revocery or exposure of the session identifier in the URL. For our demonstration we want to brute force an account on /insecure-login. The brute force code is on (GitHub)[https://github.com/aneshodza/rails-bruter.py]. If we execute it will open an instance of the browser and try to brute force the password. When it finds the correct password it writes that into passwords.txt. This should be prevented by someone that is trying to create a web-app, by, for example, limiting the amount of login tries a person can do or implementing a captcha.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts