Ruby and Rails security

Articles and Resources for Ruby and Rails Security

Articles

Protecting your Rails application with fail2ban

Connect Rails to fail2ban to detect simple attacks that cause exceptions in your application. One of the characteristics of the more naive attacks is that they usually start with a bulk scan of your server. These less sophisticated attackers don't bother fine-tuning their scanners either, which results in lots of odd requests hitting your Rails app (e.g. for .aspx or .jsp pages). One of the very first things you do when putting an app out there...

Read entire article

Resources

Ruby

Other resources

Tools

  • Brakeman ‐ Static analysis security scanner for Ruby on Rails.
  • bundler-audit ‐ Patch-level verification for Bundler.