MY TAKE ON OWASP AND RAILS GOAT

The OWASP Top 10 is a list of the ten most critical web application security vulnerabilities, compiled by OWASP for developers to take note of when securing web applications. The top ten as of April 2020 are Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, Cross-Site Scripting, Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.

I have always tried to ensure security on projects I have worked on. There are some vulnerabilities that I had never thought about, like cross-site scripting. I had heard about it but never taken it seriously because, until a few days ago, I had not read about it and the damage it can do. The OWASP Top 10 has given me an insight into these issues, and it's safe to say that I will always have them in mind on my next projects.

RailsGoat is a deliberately vulnerable project that shows the OWASP Top 10 vulnerabilities and how to fix them. I recommend it to anyone who is learning Rails and web security in general. There are some vulnerabilities that I consider very basic, for instance https://github.com/OWASP/railsgoat/wiki/R5-A10-Unvalidated-Redirects-and-Forwards-(redirect_to). This vulnerability concerns asking a user to input the page they want to be redirected to after sign up. Looking at this makes me wonder if it ever happens, because in almost every tutorial on the internet, once a user signs up, they are redirected to the home page. Why would an application have functionality that requests a user to input a location they want to be redirected to?
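To make the redirect lesson concrete, here is an added example (not code from RailsGoat or the original post) contrasting the vulnerable `redirect_to params[:url]` pattern with a validated target. The helper name `safe_redirect_target` and the fallback route `/dashboard` are assumptions; the function is plain Ruby so it runs without Rails.

```ruby
require "uri"

# Vulnerable pattern from the RailsGoat lesson: the redirect target comes
# straight from the request, so "?url=https://attacker.example" is honoured.
# (Controller shape shown for comparison only; it is not executed here.)
#
#   def create
#     # ... sign the user up ...
#     redirect_to params[:url]   # open redirect
#   end

# Hardened form: only accept a local path on this application; anything with a
# scheme or host (http://..., //host, javascript:) falls back to a fixed route.
# DEFAULT_AFTER_SIGNUP is an assumed route for this example.
DEFAULT_AFTER_SIGNUP = "/dashboard"

def safe_redirect_target(raw, fallback: DEFAULT_AFTER_SIGNUP)
  return fallback if raw.nil? || raw.strip.empty?

  uri = URI.parse(raw.strip)
  # A scheme, host, or userinfo means the target points off-site.
  return fallback if uri.scheme || uri.host || uri.userinfo

  path = uri.path.to_s
  # Require an absolute local path; "//" and "/\" prefixes are what browsers
  # may treat as protocol-relative URLs, so reject them explicitly.
  return fallback unless path.start_with?("/")
  return fallback if path.start_with?("//", "/\\")

  # Rebuild from the parsed pieces so only path, query and fragment survive.
  target = path
  target += "?#{uri.query}" if uri.query
  target += "##{uri.fragment}" if uri.fragment
  target
rescue URI::InvalidURIError
  # Malformed input (e.g. backslashes or spaces) is never a valid local page.
  fallback
end

# The hardened controller would then do:
#   redirect_to safe_redirect_target(params[:url])
```

In Rails 7 and later, `redirect_to(url, allow_other_host: false)` additionally raises on any cross-host target, which is a useful second layer behind this kind of validation.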

The RailsGoat project has given me insight into how these attacks can occur and how to prevent them.
