This project provides Ruby code examples for the OWASP Top 10 2021 vulnerabilities. Each vulnerability is demonstrated with vulnerable code, along with a secure solution and explanations.
- A01:2021 - Broken Access Control
- A02:2021 - Cryptographic Failures
- A03:2021 - Injection
- A04:2021 - Insecure Design
- A05:2021 - Security Misconfiguration
- A06:2021 - Vulnerable and Outdated Components
- A07:2021 - Identification and Authentication Failures
- A08:2021 - Software and Data Integrity Failures
- A09:2021 - Security Logging and Monitoring Failures
- A10:2021 - Server-Side Request Forgery (SSRF)
Each file follows this structure:
- Description of the vulnerability
- Vulnerable code example
- Explanation of why it's vulnerable
- Exploitation example
- Secure solution
- Explanation of the improvements
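As an added illustration of that file layout (not code from this repository), here is an A01:2021 Broken Access Control example in plain Ruby: a vulnerable lookup that trusts the id from the request beside a secure lookup scoped to the caller. The invoice data and user names are constructed for the example.

```ruby
# Added illustration of the file layout described above (not from the repository):
# an A01:2021 Broken Access Control example with constructed in-memory data.

# Constructed sample data: invoices keyed by id, each belonging to one user.
INVOICES = {
  1 => { owner: "alice", total: 120 },
  2 => { owner: "bob",   total: 4500 }
}.freeze

# --- Vulnerable code example ---
# Looks up an invoice purely by the id supplied in the request, so any
# authenticated user can read any other user's invoice (an insecure direct
# object reference). The current user is accepted but never consulted.
def find_invoice_vulnerable(_current_user, invoice_id)
  INVOICES.fetch(invoice_id.to_i, nil)
end

# --- Secure solution ---
# The lookup is scoped to the caller's own records: an id that belongs to
# someone else is treated exactly like one that does not exist, so the
# response does not even reveal whether the invoice is present.
def find_invoice_secure(current_user, invoice_id)
  invoice = INVOICES[invoice_id.to_i]
  return nil if invoice.nil? || invoice[:owner] != current_user

  invoice
end

# --- Exploitation example, shown as the behaviour of each variant ---
if __FILE__ == $PROGRAM_NAME
  # "alice" requests invoice 2, which belongs to "bob"
  p find_invoice_vulnerable("alice", "2") # => {:owner=>"bob", :total=>4500}
  p find_invoice_secure("alice", "2")     # => nil
  p find_invoice_secure("bob", "2")       # => {:owner=>"bob", :total=>4500}
end
```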
These examples are for educational purposes. They demonstrate common security pitfalls in Ruby applications and how to avoid them.
Feel free to submit pull requests to improve the examples or add more detailed explanations.
The vulnerable code examples should never be used in production environments. They are provided solely for learning purposes.