Ruby and Rails security

Articles

Protecting your Rails application with fail2ban

Connect Rails to fail2ban to detect simple attacks that cause exceptions in your application. One of the characteristics of the more naive attacks is that they usually start with a bulk scan of your server. These less sophisticated attackers don’t even bother fine-tuning their scanners, which results in lots of odd requests hitting your Rails app (e.g. for .aspx or .jsp pages). One of the very first things you do when putting an app out there...





Resources

Ruby

Ruby on Rails

Official Ruby on Rails security Resources

Other resources

Tools

Recent CVE entries

Ruby Security Monthly report

You don't need to subscribe to each mailing list and resource in this page.

Get a summary of the latest Ruby and Rails Security information in your inbox once a month.



March 2016 Highlights

Ruby language security

New versions of Ruby: 2.0.0-p0648, 2.1.8 and 2.2.4

Ruby on Rails security

Brakeman 3.2.0 was released. Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications.

New versions of Rails (non-security related): 4.2.6 and 4.1.15 (announcement).

New versions of Rails (due to security fixes): 4.2.5.2, 4.1.14.2 and 3.2.22.2 (announcement) that close:


February 2016 Highlights

The OWASP Ruby on Rails Cheatsheet was updated to reflect the best way to secure default HTTP headers in Rails 4.

Brakeman 3.1.5 was released. Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications.

New versions of Rails: 4.2.5.1, 4.1.14.1, 3.2.22.1 (announcement) that close:
