Ruby on Rails security cheatsheet

Ruby on Rails is a free web application framework that aims to make database-driven web sites faster and easier to build, and it provides skeleton code from the outset. Often shortened to Rails, or RoR, Ruby on Rails is an open source project written in the Ruby programming language, and applications built on it follow the Model-View-Controller design pattern.

Heiko Webers is the man behind the Ruby on Rails Security Project, and his blog hosts a rather informative Ruby on Rails Security Cheatsheet covering the following topics:

  • Why security is important
  • What can happen?
  • Sessions
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Secrets
  • SQL Injection
  • Validation
  • Regular Expressions
  • Working with files
  • Securing your MySQL setup
  • Securing your Apache setup
  • The mass-assignment problem
