railsgoat
railsgoat copied to clipboard
OWASP
"Getting Started" Improvement
This was a quick hack to make some sense of what you are supposed to do but I'm frankly embarrassed at how terrible it STILL is, lets make an effort to improve it significantly.
Step one would be to update the recommended version of RVM. 1.9.3? Yuck.
Or, do a quick parse of the README and extract the "Getting started" section from there?
:+1: - Agreed. All of these things are on my list to tackle as of the new year when things slow down a little, although assistance is always appreciated!
I just created a Gist, for installing Railsgoat into Kali 2.0:
https://gist.github.com/apolloclark/0884c79d40ef6774e5c0
The only difficulty I encountered was installing ruby 2.3, since the current Debian stable version is only 2.2, hence using rbenv.
I can confirm this script works with: Kali Linux 2.0, Debian Jessie, Ubuntu 14.04, Ubuntu 15.10, and can easily be reused to build some Docker containers.
Thanks @apolloclark , I think we can use possibly use this in the wiki or something to that effect. If we include a script, it has to be maintained, so I'm just contemplating best way to tackle. I think an editable wiki entry might be the best way (pointing to your gist).
Sounds good. I personally prefer to use Ansible for provisioning, but a simple Bash script is the quickest, easiest, way for the largest group of people to get started.
For maintenance, I could update the travis.yml file to use Vagrant and ensure this script works with the build in the future. This will ensure support for the previously mentioned platforms. I don't know any way to build against a Mac OSX VM, and Windows support is dicey even with Cygwin and MinGW.
Honestly if you'd be willing to update the vagrant build I'd be incredibly grateful.
On Mon, Feb 15, 2016 at 2:08 PM, Apollo Clark [email protected] wrote:
Sounds good. I personally prefer to use Ansible for provisioning, but a simple Bash script is the quickest, easiest, way for the largest group of people to get started.
For maintenance, I could update the travis.yml file to use Vagrant and ensure this script works with the build in the future. This will ensure support for the previously mentioned platforms. I don't know any way to build against a Mac OSX VM, and Windows support is dicey even with Cygwin and MinGW.
— Reply to this email directly or view it on GitHub https://github.com/OWASP/railsgoat/issues/167#issuecomment-184416000.
The Vagrantfile is just pulling down @mccabe615 's"mccabe615/railsgoat" Docker image. So, attempt to update that?
It would probably be worthwhile to move the image to the official OWASP DockerHub account. I can help with that if you can't get access Apollo. Last time I checked (~3 months ago) the Vagrant file was working but worth checking.
On Tue, Feb 16, 2016 at 10:38 AM, Apollo Clark [email protected] wrote:
The Vagrantfile is just pulling down @mccabe615 https://github.com/mccabe615 's"mccabe615/railsgoat" Docker image. So, attempt to update that?
— Reply to this email directly or view it on GitHub https://github.com/OWASP/railsgoat/issues/167#issuecomment-184735008.
And we're on OWASP's Slack if @mccabe615 wants to assist you with that move to OWASP Docker
On Tue, Feb 16, 2016 at 7:42 AM, Mike McCabe [email protected] wrote:
It would probably be worthwhile to move the image to the official OWASP DockerHub account. I can help with that if you can't get access Apollo. Last time I checked (~3 months ago) the Vagrant file was working but worth checking.
On Tue, Feb 16, 2016 at 10:38 AM, Apollo Clark [email protected] wrote:
The Vagrantfile is just pulling down @mccabe615 https://github.com/mccabe615 's"mccabe615/railsgoat" Docker image. So, attempt to update that?
— Reply to this email directly or view it on GitHub https://github.com/OWASP/railsgoat/issues/167#issuecomment-184735008.
— Reply to this email directly or view it on GitHub https://github.com/OWASP/railsgoat/issues/167#issuecomment-184737307.
So there are a couple items before we can close this out.
-
[ ] Getting started (gh-pages branch) needs an update to remove outdated ruby versions and really just point to the readme.md as for actual installation instructions.
-
[ ] Decide if we want to keep railsgoat.cktricky.com and make its' "getting started" more about the way to approach learning with railsgoat - or scrap it and dedicate a wiki entry to "here are ways you can learn from railsgoat" (and link to it from the readme)
/cc @mccabe615
I'm fine with relying on the readme as the starting place. The website could be an overview of the app and it's purpose to serve as an introduction.
Is there anything that the custom domain can do, that the wiki +readme cannot? Seems the wiki gets much more frequent attention, and people understand using github wikis to research.
Or alternatively, is there anything on the website that shouldn't already be incorporated into the wiki + readme?
Or alternatively, is there anything on the website that shouldn't already be incorporated into the wiki + readme?
I think the attribution/thanks and a more comprehensive overview of how to use railsgoat from a teaching/learning perspective. Both of these would be betters suited in the wiki. I have two main reasons to remove the site
1 - Consolidate where information comes from (wiki is better IMO) and this also means less to maintain.
2 - Its on my personal domain. Its an OWASP project first and foremost, not mine (or any one person), so I'd like to keep it all pointing to OWASP.
Side note, if we move to wiki as "home page", update here.
Added Github issues #308 (Code of Conduct), #309 (Contributing file)", #310 (Issue or PR template (2 separate files)). Note the Code of Conduct has 2 defaults to start with.
