26 : Ruby on Rails Security & OWASP RailsGoat

From The Web Platform Podcast

Length:
67 minutes
Released:
Jan 22, 2015
Format:
Podcast episode

Description

While working to secure Rails applications in a truly Agile development environment, it became clear to Ken Johnson (@cktricky), CTO of nVisium Security, and Mike McCabe (@mccabe615) that the Rails community needed attention to security in the form of free and open training. The events that have transpired this past year have only reinforced that belief. RailsGoat, an OWASP project, is an attempt to bring attention to the problems that most frequently occur in Rails, the solutions for remediating them, and common attack scenarios. Ken, Mike, and their contributors built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.
Resources

Brakeman - http://brakemanscanner.org/
RailsGoat - http://railsgoat.cktricky.com/
OWASP - https://www.owasp.org/
OWASP NoVA - http://www.meetup.com/OWASP-Northern-Virginia-Chapter/
Rails Security Guide - http://guides.rubyonrails.org/security.html
RoR Security Google Group - https://groups.google.com/forum/#!forum/rubyonrails-security
DevOops Video - https://www.youtube.com/watch?v=1kPw3tHt2oo
DevOops Slides - http://www.slideshare.net/chrisgates/lascon-2014-devooops
Ensnare Gem - https://github.com/ahoernecke/ensnare

Titles in the series (100)

A weekly show covering the latest in browser features, standards, and the tools developers use to build for the Web of today and beyond. Each week, hosts Danny, Amal, Leon, and Justin are joined by a special guest to discuss the latest developments and features that you may just want to use in your next project.