Damn Vulnerable Grade Management System - An Intentionally Vulnerable Ruby on Rails App
Michael Herzberg ee24685234 Updated submodules. 1 year ago

README.md

DVGM -- Usage and Security Analysis

Introduction / Prerequisites

This exercise sheet is meant to be followed on a recent GNU/Linux installation and makes use of the terminal. While all necessary commands are provided, a basic understanding of its usage is still required.

In the following, we will use the Damn Vulnerable Grade Management (DVGM) app as a training target. Before continuing, please familiarize yourself with the app and ensure that it is listening on http://$(hostname):3000, where $(hostname) is the host name of your machine as returned by the hostname command. This is important because some scanners have problems when scanning loopback addresses such as localhost and 127.0.0.1.
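
A preflight check for the target URL described above, as an added example that is not part of the DVGM repository. It assumes a glibc system with `getent` and `curl`; the function names and status codes are illustrative, and treating a host name that resolves into 127.0.0.0/8 as a loopback target is an assumption about how the scanners behave.

```shell
#!/bin/sh
# Added example (not part of the DVGM repository): preflight check for the
# scan target URL http://$(hostname):3000 used in the exercises.

# is_loopback VALUE: succeed if VALUE is a loopback host name or address.
is_loopback() {
    case "$1" in
        localhost|localhost.*|127.[0-9]*.[0-9]*.[0-9]*|::1|0:0:0:0:0:0:0:1) return 0 ;;
        *) return 1 ;;
    esac
}

# target_url HOST [PORT]: URL to hand to the scanners (port defaults to 3000).
target_url() {
    printf 'http://%s:%s\n' "$1" "${2:-3000}"
}

# check_target HOST [PORT]
#   0 = something answers HTTP on a non-loopback address
#   1 = HOST is, or resolves to, a loopback address
#   2 = HOST does not resolve
#   3 = nothing answers HTTP at the target URL
check_target() {
    ct_host=$1
    ct_port=${2:-3000}
    if is_loopback "$ct_host"; then return 1; fi
    # getent is glibc-specific; it honours /etc/hosts as well as DNS.
    ct_addrs=$(getent ahosts "$ct_host" 2>/dev/null | awk '{print $1}' | sort -u)
    if [ -z "$ct_addrs" ]; then return 2; fi
    for ct_a in $ct_addrs; do
        if is_loopback "$ct_a"; then return 1; fi
    done
    # Any HTTP response counts, including error pages.
    if ! curl -s -o /dev/null --max-time 5 "$(target_url "$ct_host" "$ct_port")"; then
        return 3
    fi
    return 0
}

# Run the check only when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    rc=0
    check_target "$(hostname)" || rc=$?
    echo "target: $(target_url "$(hostname)")  status: $rc"
    exit "$rc"
fi
```

Status 1 for a non-loopback host name usually means `/etc/hosts` maps that name into 127.0.0.0/8; status 3 means the name resolves but the app is not listening on that address.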

If you need to refresh your Ruby knowledge, our small Ruby Primer might be a helpful companion.

Questions / Challenges

The folder exercises contains several exercises that illustrate both manual exploration of DVGM and the use of tools such as Brakeman, Arachni, and OWASP ZAP for finding various security vulnerabilities in DVGM.