Dave Elkins

Entries from April 2007

Preventing XSS Attacks in your Rails Application

April 19th, 2007 · No Comments

Preventing XSS attacks in your Rails application turns out to be fairly easy thanks to some built-in functionality of Rails.
Let's first talk about ways to prevent XSS in general before we see how Rails can help us. These are three things you can do:

Validate all request parameters and form data [...]

Tags: rails · security

A couple great posts about Session Hijacking

April 18th, 2007 · No Comments

The Ruby on Rails Security Blog has a couple of great posts about session hijacking and how to prevent it in your Rails applications. This is a great blog with a lot of good information about web app security for Rails.
http://www.rorsecurity.info/2007/04/12/session-hijacking/
http://www.rorsecurity.info/2007/04/15/session-fixation-in-rails/

Tags: rails · security

Intro to Cross Site Scripting

April 17th, 2007 · No Comments

What is it?
Cross Site Scripting, or XSS as it is commonly referred to, is when an attacker uses malicious scripting code to attack an end user's computer, impersonate another user, or attack a web site. This can be done in several ways, from malicious web sites to an attacker injecting code into unprotected [...]

Tags: security

Attacks on Web Applications

April 16th, 2007 · No Comments

Over the next couple of weeks I am going to start writing about web application security and types of attacks that we as developers must know about and defend our applications against.
The three main types of attacks are:

Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
SQL Injection

These are significant issues, and there is a large number [...]

Tags: security

Rails on EC2 made easy

April 11th, 2007 · No Comments

Steve Odom has released Elastic Rails, a plugin that allows you to easily deploy your Rails app to EC2 using Capistrano.

Tags: AWS · Rails Plugins · rails

The Absolute Moron’s Guide to Capistrano

April 9th, 2007 · No Comments

This looks like a really good intro guide to Capistrano. I have been meaning to try out Capistrano and I think this is the tutorial I am going to use to get started.
http://www.softiesonrails.com/2007/4/5/the-absolute-moron-s-guide-to-capistrano

Tags: rails

Steve Gibson continues his series on Scripting Security in Security Now Episode 86

April 6th, 2007 · No Comments

Steve Gibson continues his excellent series on scripting security. He talks about cross-site scripting in this episode. He goes into detail about how an attack works, gives some examples, and provides several great links. This is a must-listen for anyone developing web sites or web applications.
Have a listen [link]

Tags: podcast · security

Security Now 85: Cross Site Scripting and Jikto

April 5th, 2007 · No Comments

In this episode, Leo Laporte and Steve Gibson talk about Cross Site Scripting: what it is, some of the dangers, examples of attacks, and automated tools that help expose vulnerabilities in your web app or site. They also discuss in depth something called Jikto that can potentially take over your computer through [...]

Tags: podcast · security

Rails Plugins that help prevent CSRF attacks

April 5th, 2007 · No Comments

There are two plugins that can help prevent CSRF attacks. I have not had a chance to take these for a test drive, but I will soon, and I will blog about how they work. CSRF stands for Cross-Site Request Forgery (link) and is an upcoming type of attack used against web sites.
Security [...]

Tags: Rails Plugins · security

Description of different types of web attacks

April 4th, 2007 · No Comments

Nadav Samet provides a good description of the three major attacks that can be prevented through the code of your web site.

Here is the link.

Tags: security