Ruby and Rails security resources | Dradis Framework Academy

Articles and Resources for Ruby and Rails Security

Articles

Protecting your Rails application with fail2ban

Connect Rails to fail2ban to detect simple attacks that cause exceptions in your application. One of the characteristics of the more naive attacks are that they are usually started with a bulk scan of your server. This less sophisticated attackers don’t even bother fine-tuning their scanners either which results in lots of weird requests hitting your Rails app (e.g. for .aspx or .jsp pages). One of the very first things you do when putting an app out there...

Read entire article ›

Resources

Ruby

Ruby Security Reviewer's Guide
Ruby Security language readme
Ruby Security Announcements mailing list (subscribe)
CVE Details: Ruby latest publicly disclosed vulnerabilities in the Ruby language.
ruby-advisory-db aims to compile all advisories that are relevant to Ruby libraries.

Other resources

Ruby on Rails OWASP Cheatsheet
Rails Security Pitfalls
Preproduction Security Checklist for a Rails App
CVE Details: Ruby on Rails latest publicly disclosed vulnerabilities in Rails.

Tools

Brakeman ‐ Static analysis security scanner for Ruby on Rails.
bundler-audit ‐ Patch-level verification for Bundler.

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

Scoping
Scheduling
Project Planning

Delivery
Intra-team Collaboration
Reporting and much more...

Business Intelligence

Gateway: Client Portal

Remediation Tracker

Project Scheduler

Mappings Manager

Rules Engine

REST API

Risk Calculators

CSV Importer

Methodologies

Quality Assurance

Issue Library

Support Service

Academy

Screenshots

Guides

FAQ

Blog

Ruby and Rails security