Ruby on Rails Security
- Type
- Slides
- Tags
- Ruby on Rails
- Authors
- Jonathan Wilkins
- Event
- Chaos Communication Congress 24th (24C3) 2007
- Indexed on
- Mar 27, 2013
- URL
- http://events.ccc.de/congress/2007/Fahrplan/attachments/1041_rails_security.pdf
- File name
- 1041_rails_security.pdf
- File size
- 1.7 MB
- MD5
- 0b1d69c8951f4eb267281cdd9f6d72cb
- SHA1
- e3382bf7eccbbccad46131a1119543e164c81ea9
This talk will focus on the security of the Ruby on Rails Web Framework. Some dos and don’ts will be presented along with security Best Practices for common attacks like session fixation, XSS, SQL injection, and deployment weaknesses. Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days and every Rails developer should have an idea about the different possibilities that his application presents to an attacker. This talk will cover most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration will be examined and best practices introduced.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
