Foundstone Releases Learning Platform for Secure Coding

By | August 28, 2006

Foundstone Hacme Casino is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security. Hacme Casino is an extensible online casino platform and demonstrates the security problems that can potentially arise in these applications.

Hacme Casino is built using Ruby on Rails. Ruby on Rails (sometimes called RoR or Rails) is an open-source web application framework, built entirely in Ruby, which emphasizes adherence to the Model-View-Controller(MVC) architecture and a principle of DRY (Don’t Repeat Yourself). Hacme Casino utilizes some of the basic and some of the more advanced features of the Ruby on Rails framework.

It is meant to be representative of a typical Rails application, using standard features such as ActiveRecord. It also includes functionality which incorporates AJAX-style interaction, which is baked into the Rails framework, and harnesses the LoginGenerator, which is supplied by the Rails community for creating code to perform authentication in an application.

Many of the vulnerabilities in Hacme Casino cannot be detected automatically – they must be assessed by a human who has an understanding of the business context online gaming applications operate in.

Leave a Reply