Entries from April 2007
Preventing XSS attacks in your Rails application turns out to be fairly easy thanks to some built-in functionality of Rails.
Let's first start out by talking about ways to prevent XSS in general before we see how Rails can help us. These are three things you can do:
Validate all request parameters and form data [...]
Tags: rails · security
The Ruby on Rails Security Blog has a couple of great posts about session hijacking and how to prevent it in your Rails applications. This is a great blog that has a lot of good information about web app security for Rails.
http://www.rorsecurity.info/2007/04/12/session-hijacking/
http://www.rorsecurity.info/2007/04/15/session-fixation-in-rails/
Tags: rails · security
What is it?
Cross Site Scripting, or XSS as it is commonly referred to, is when an attacker uses malicious scripting code to either attack an end user's computer, impersonate another user or attack a web site. This can be done in several ways, from malicious web sites to an attacker injecting code into unprotected [...]
Tags: security
Over the next couple of weeks I am going to start writing about web application security and types of attacks that we as developers must know about and defend our applications against.
The three main types of attacks are:
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
SQL Injection
These are significant issues, and there is a large number [...]
Tags: security
Steve Odom has released Elastic Rails, a plugin that allows you to easily deploy your Rails app to EC2 using Capistrano.
Tags: AWS · Rails Plugins · rails
This looks like a really good intro guide to Capistrano. I have been meaning to try out Capistrano and I think this is the tutorial I am going to use to get started.
http://www.softiesonrails.com/2007/4/5/the-absolute-moron-s-guide-to-capistrano
Tags: rails
Steve Gibson continues his excellent series on scripting security. He talks about cross-site scripting in this episode. He goes into detail about how an attack works, gives some examples and provides several great links. This is a must-listen for anyone developing web sites or web applications.
Have a listen [link]
Tags: podcast · security
In this episode, Leo Laporte and Steve Gibson talk about Cross Site Scripting – what it is, some of the dangers, examples of attacks – and discuss automated tools that help expose vulnerabilities in your web app or site. They also discuss in depth something called Jikto that can potentially take over your computer through [...]
Tags: podcast · security
There are two plugins that can help prevent CSRF attacks. I have not had a chance to take these for a test drive, but I will soon and I'll blog about how they work. CSRF stands for Cross-Site Request Forgery (link) and is an emerging type of attack used against web sites.
Security [...]
Tags: Rails Plugins · security
Nadav Samet provides a good description of the three major attacks that can be prevented through the code of your web site.
Here is the link.
Tags: security