Monday, November 25, 2013

Securing Rails, Overview

I very much enjoy developing applications on the latest platform technology. Gone are the days when building a company to support a great new idea required hardware purchases, IT consultant support, and hiring a raft of developers to build infrastructure. The need to hire a raft of developers hasn't gone away, but now we all get to focus (for the most part) on building out tech to directly support the idea and the company. However, one really, really important item has not gone away - the proper understanding and application of security.

At Route Vu, we are building a mobile application that also requires backend server and web server support. In this app, we have a number of unique privacy issues (for a social application) we wish to address, so security becomes even more critical for us. Personally, I'm new to Rails. Why should you trust three blog posts about securing a Ruby on Rails application? Fair question. In a prior life I worked for the world's second largest software company securing their database and applications, helping secure their on-line applications and crafting their security response team.

The following three blog posts cover separate topics:
  1. Overall Web Application Security
  2. Authentication and Authorization
  3. Two Security Vulnerabilities Development Must Fix
Honestly, I consider item 3, the two vulnerabilities, the most important post you should read - way to bury the lead, huh? The other two are almost no-brainers in terms of what you should do. Don't get me wrong, you must make plenty of decisions and do a lot of work satisfying the security issues in items 1 & 2. However, after perusing the common Rails programming idioms and finding the Primary Key vulnerability, I felt compelled to write these blog posts (if for no one other than me and my development team).

I hope you find them useful. If you see any complete and utter Ruby or Rails programming Fails, please drop me a line or leave a comment so I can correct them.
