This talk will focus on the security of the Ruby on Rails Web Framework. Some dos and don’ts will be presented along with security Best Practices for common attacks like session fixation, XSS, SQL injection, and deployment weaknesses. Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days and every Rails developer should have an idea about the different possibilities that his application presents to an attacker. This talk will cover most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration will be examined and best practices introduced.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.