As is sadly often the case, well-meaning newcomers to programming pick up the newest or most popular programming language or framework available. And as you might suspect, they usually get it wrong and make every design and security mistake possible along the way!

We have seen this trend with pretty much every popular programming language out there, PHP for example, which sadly still holds the record for the most insecure websites.

One very popular web framework these days is Ruby on Rails, created by the very talented 29 year old Danish developer David Heinemeier Hansson. It uses a Model-View-Controller architecture and emphasizes good design through principles such as DRY (Don't Repeat Yourself). It is by all means a very good web framework! But as with PHP, a lot of newcomers get it wrong, either by not following the Ruby on Rails conventions or by ignoring security altogether.

Now, we’re not here to teach you about design. If you want to learn more about proper software design, a good place to start is simply your local library. Look for books on topics like Design Patterns, Software Engineering, Extreme Programming, Test Driven Development and Agile Software Development.

What we do want to teach you about, however, is proper security in Ruby on Rails! Luckily we don't have to take a great deal of time away from our own work to get you trained in RoR security; instead we can simply refer to the work already done by OWASP. OWASP is an organization working to improve web application security worldwide through a whole range of projects for developers, security professionals and end users. One of these is the Ruby on Rails Security Guide V2 project, which includes a PDF detailing the different security concerns, and their solutions, in Ruby on Rails development.
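The post names no specific Rails mistake, so as a concrete illustration of the kind of thing a security guide exists to prevent, here is an added example (not from the original post and not taken from the OWASP guide) of the classic mass-assignment pitfall: a controller copying every submitted parameter onto a model, next to the whitelisting that Rails' strong parameters enforce. It is written in plain Ruby with a hypothetical `User` class and constructed request parameters, so it runs without Rails or a database.

```ruby
# Added illustration, not code from the original post or from the OWASP guide.
# A hypothetical User record of the kind a controller updates from request params,
# written in plain Ruby so the example runs without Rails or a database.
class User
  attr_accessor :name, :email, :admin

  def initialize(name:, email:, admin: false)
    @name, @email, @admin = name, email, admin
  end

  # Newcomer pattern: copy every submitted key onto the record.
  # Any attribute with a setter, including `admin`, can then be set by the client.
  def update_unchecked(params)
    params.each { |key, value| public_send("#{key}=", value) }
    self
  end

  # Hardened pattern (what Rails' strong parameters enforce): only the keys the
  # developer explicitly permits reach the record; everything else is dropped.
  PERMITTED = %i[name email].freeze

  def update_permitted(params)
    params.each do |key, value|
      next unless PERMITTED.include?(key.to_sym)
      public_send("#{key}=", value)
    end
    self
  end
end

# Constructed sample request: an ordinary profile edit with a smuggled admin flag,
# the kind of payload a curious user adds to the form post by hand.
TAMPERED_PARAMS = { "name" => "Mallory", "email" => "mallory@example.com", "admin" => true }.freeze

# Returns true if the unchecked update let the client make themselves admin.
def escalated_by_unchecked_update?
  User.new(name: "Alice", email: "alice@example.com").update_unchecked(TAMPERED_PARAMS).admin
end

# Returns true if the permitted update let the client make themselves admin.
def escalated_by_permitted_update?
  User.new(name: "Alice", email: "alice@example.com").update_permitted(TAMPERED_PARAMS).admin
end

if __FILE__ == $PROGRAM_NAME
  puts "unchecked update made the user admin: #{escalated_by_unchecked_update?}" # true
  puts "permitted update made the user admin: #{escalated_by_permitted_update?}" # false
end
```

Run it with `ruby mass_assignment.rb`. The point is that the first update is not a bug in the model but in trusting the request: whatever keys the client sends become attribute writes, so the fix belongs where the parameters enter the application, which is exactly what `params.require(...).permit(...)` does in a Rails controller.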

If you are going to develop Ruby on Rails applications (or if you’re simply curious) please download the Ruby on Rails Security Guide from OWASP and read it before doing any production deployment of applications.

Note: If you’re too busy to go to the project page on OWASP and find the download link, then here’s a direct download link instead: Download the Security Guide