Ruby and Rails security
Articles and Resources for Ruby and Rails Security
Articles
Protecting your Rails application with fail2ban
Connect Rails to fail2ban to detect simple attacks that cause exceptions in your application. One of the characteristics of the more naive attacks are that they are usually started with a bulk scan of your server. This less sophisticated attackers don’t even bother fine-tuning their scanners either which results in lots of weird requests hitting your Rails app (e.g. for .aspx or .jsp pages). One of the very first things you do when putting an app out there...
Resources
Ruby
- Ruby Security Reviewer's Guide
- Ruby Security language readme
- Ruby Security Announcements mailing list (subscribe)
- CVE Details: Ruby latest publicly disclosed vulnerabilities in the Ruby language.
- ruby-advisory-db aims to compile all advisories that are relevant to Ruby libraries.
Other resources
- Ruby on Rails OWASP Cheatsheet
- Rails Security Pitfalls
- Preproduction Security Checklist for a Rails App
- CVE Details: Ruby on Rails latest publicly disclosed vulnerabilities in Rails.
Tools
- Brakeman ‐ Static analysis security scanner for Ruby on Rails.
- bundler-audit ‐ Patch-level verification for Bundler.
Streamline InfoSec Project Delivery
Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:
- Scoping
- Scheduling
- Project Planning
- Delivery
- Intra-team Collaboration
- Reporting and much more...
Your email is kept private. We don't do the spam thing.