Ruby and Rails security
Articles and Resources for Ruby and Rails Security
Articles
Protecting your Rails application with fail2ban
Connect Rails to fail2ban to detect simple attacks that cause exceptions in your application. One of the characteristics of the more naive attacks are that they are usually started with a bulk scan of your server. This less sophisticated attackers don’t even bother fine-tuning their scanners either which results in lots of weird requests hitting your Rails app (e.g. for .aspx or .jsp pages). One of the very first things you do when putting an app out there...
Resources
Ruby
- Ruby Security Reviewer's Guide
- Ruby Security language readme
- Ruby Security Announcements mailing list (subscribe)
- CVE Details: Ruby latest publicly disclosed vulnerabilities in the Ruby language.
- ruby-advisory-db aims to compile all advisories that are relevant to Ruby libraries.
Other resources
- Ruby on Rails OWASP Cheatsheet
- Rails Security Pitfalls
- Preproduction Security Checklist for a Rails App
- CVE Details: Ruby on Rails latest publicly disclosed vulnerabilities in Rails.
Tools
- Brakeman ‐ Static analysis security scanner for Ruby on Rails.
- bundler-audit ‐ Patch-level verification for Bundler.
Seven Strategies To Differentiate Your Cybersecurity Consultancy
You don’t need to reinvent the wheel to stand out from other cybersecurity consultancies. Often, it's about doing the simple things better, and clearly communicating what sets you apart.
- Tell your story better
- Improve your testimonials and case studies
- Build strategic partnerships
Your email is kept private. We don't do the spam thing.