Common Rails Security Pitfalls and Their Solutions

The Ruby on Rails framework does its best to keep you secure. However, as the official documentation points out, there is no such thing as “plug-and-play security”. It is therefore important to understand the common (and less common) security pitfalls you may encounter. In this article, we will discuss some of these security issues, as well as the steps you can take to make your application more secure.

The topics to be covered:

  • Mass assignment
  • XSS attacks
  • Executing arbitrary code
  • SQL injections
  • Form hijacking
  • Logging private data
  • Revealing private tokens
  • Embedding a site via IFrame
  • Uploading executable files
  • Using Brakeman to detect possible problems
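The first item on the list, mass assignment, is the easiest to demonstrate without a database. The following is an added example, not code from the article: a plain-Ruby stand-in for an ActiveRecord model whose `assign_attributes` writes every key it is handed, a `create_user_unsafe` action that passes the raw request straight through, and a `permit` helper that mimics the contract of `params.require(:user).permit(:name, :email)` from Rails strong parameters. The `User` class, its `admin` column, and the request hash are constructed for this illustration; Rails itself is not loaded.

```ruby
# Added example (not from the article): mass assignment in a plain-Ruby model.
# It mimics the behaviour of ActiveModel#assign_attributes and
# ActionController::Parameters#permit without loading Rails, so it runs
# with the standard library only. The User class, the `admin` column and
# the request hash below are constructed for this illustration.

# Minimal stand-in for an ActiveRecord model with three writable columns.
class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false # every new account is a normal user by default
  end

  # Mirrors ActiveModel's assign_attributes: every key in the hash is
  # written through its setter. Nothing here decides which keys are allowed.
  def assign_attributes(attrs)
    attrs.each do |key, value|
      setter = "#{key}="
      raise ArgumentError, "unknown attribute #{key}" unless respond_to?(setter)
      public_send(setter, value)
    end
    self
  end
end

# Vulnerable pattern: the whole request payload goes straight into the model.
# A client that adds "admin": true to the form data becomes an administrator.
def create_user_unsafe(params)
  User.new.assign_attributes(params.fetch(:user))
end

# Allowlist filter with the same contract as params.require(key).permit(...):
# only the named keys survive; everything else is dropped. Returns the
# filtered hash and the list of rejected keys, so the caller can log
# attempts to smuggle in extra attributes.
def permit(params, key, allowed)
  raw = params.fetch(key) { raise ArgumentError, "param is missing: #{key}" }
  allowed = allowed.map(&:to_s)
  permitted = raw.select { |k, _| allowed.include?(k.to_s) }
  rejected  = raw.keys.reject { |k| allowed.include?(k.to_s) }
  [permitted, rejected]
end

# Hardened pattern: only :name and :email can ever reach the model.
def create_user_safe(params)
  permitted, rejected = permit(params, :user, %i[name email])
  user = User.new.assign_attributes(permitted)
  [user, rejected]
end

# Constructed request payload: an attacker-controlled form submission that
# carries an extra admin field the HTML form never offered.
ATTACKER_PARAMS = {
  user: { name: "mallory", email: "mallory@example.com", admin: true }
}.freeze

if $PROGRAM_NAME == __FILE__
  puts "unsafe: admin=#{create_user_unsafe(ATTACKER_PARAMS).admin}"
  user, rejected = create_user_safe(ATTACKER_PARAMS)
  puts "safe:   admin=#{user.admin}, rejected=#{rejected.inspect}"
end
```

The point to take from the two paths is that the model has no way to tell a legitimate field from a smuggled one; the allowlist has to live in the controller, before the hash reaches `assign_attributes`. In a real Rails application the equivalent is `params.require(:user).permit(:name, :email)`, and unpermitted keys should be logged (Rails can also be configured to raise on them) so that probing for hidden attributes shows up in your logs.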