At Route Vu, we are building a mobile application that also requires backend server and web server support. In this app, we have a number of unique privacy issues (for a social application) we wish to address, so security becomes even more critical for us. Personally, I'm new to Rails. Why should you trust three blog posts about securing a Ruby on Rails application? Fair question. In a prior life I worked for the world's second largest software company securing their database and applications, helping secure their on-line applications and crafting their security response team.
The following three blog posts cover separate topics:
1. Overall Web Application Security
2. Authentication and Authorization
3. Two Security Vulnerabilities Development Must Fix
Honestly, I consider item 3, the two vulnerabilities, the most important post you should read - way to bury the lead, huh? The other two are almost no-brainers in terms of what you should do. Don't get me wrong, you must make plenty of decisions and do a lot of work satisfying the security issues in items 1 & 2. However, after perusing the common Rails programming idioms and finding the Primary Key vulnerability, I felt compelled to write these blog posts (if for no one other than me and my development team).
I hope you find them useful. If you see any complete and utter Ruby or Rails programming Fails, please drop me a line or leave a comment to correct them.