24C3 - 1.01
24th Chaos Communication Congress
Volldampf voraus!
| Speakers |
|---|
| Jonathan Weiss |

| Schedule | |
|---|---|
| Day | Day 4 (2007-12-30) |
| Room | Saal 2 |
| Start time | 14:00 |
| Duration | 01:00 |

| Info | |
|---|---|
| ID | 2252 |
| Event type | lecture |
| Track | Hacking |
| Language | en |
Ruby on Rails Security
This talk will focus on the security of the Ruby on Rails web framework. Some dos and don'ts will be presented along with security best practices for common attacks such as session fixation, XSS, SQL injection, and deployment weaknesses.
Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross-Site Scripting and Cross-Site Request Forgery are very popular these days, and every Rails developer should have an idea of the different attack surfaces their application presents to an attacker.
This talk will cover most of the common web application vulnerabilities, including Cross-Site Scripting and Cross-Site Request Forgery, SQL and code injection, and deployment security, and how they apply to Rails. Rails-specific issues such as plugin security, JavaScript/Ajax security, and Rails configuration will also be examined, and best practices introduced.
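Two of the attack classes the abstract names, SQL injection and Cross-Site Scripting, come down to where untrusted request data ends up. The example below is added by the editor and is not code from the talk or from Rails itself: it contrasts the Rails 1.x/2.x-era habit of interpolating `params` into a `:conditions` string with the bind-parameter array form, and escapes output with `ERB::Util.html_escape`, which is what the Rails `h()` helper wraps. The `params` hashes and the `sanitize_sql_array`/`quote_value` helpers are constructed stand-ins for ActiveRecord internals so the block runs without Rails or a database.

```ruby
require 'erb'

# Constructed stand-ins for a request's params hash (not a real Rails request).
PARAMS_BENIGN = { login: "alice" }
PARAMS_EVIL   = { login: "x' OR '1'='1" }

# Minimal imitation of ActiveRecord's string quoting: wrap in single quotes
# and double any embedded single quote, as SQL requires.
def quote_value(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Vulnerable pattern: building the :conditions string by interpolation.
# The attacker-controlled value becomes part of the SQL grammar.
def conditions_vulnerable(params)
  "login = '#{params[:login]}'"
end

# Safe pattern: the array form with ? placeholders. This helper expands it the
# way ActiveRecord's sanitize_sql_array does (assumed behaviour; simplified).
def sanitize_sql_array(template, *values)
  placeholders = template.count('?')
  raise ArgumentError, "expected #{placeholders} values, got #{values.size}" unless placeholders == values.size
  remaining = values.dup
  template.gsub('?') { quote_value(remaining.shift) }
end

def conditions_safe(params)
  sanitize_sql_array("login = ?", params[:login])
end

# Crude check used only to illustrate the difference: did the user input
# escape its quoted literal and add an OR tautology to the WHERE clause?
def tautology_injected?(where_clause)
  !!(where_clause =~ /\bOR\s+'1'='1'/i)
end

# XSS side: escape untrusted data before it reaches an HTML template. Rails'
# h() helper delegates to ERB::Util.html_escape, which is in Ruby's stdlib.
def escape_for_html(untrusted)
  ERB::Util.html_escape(untrusted)
end

if __FILE__ == $0
  puts "vulnerable: #{conditions_vulnerable(PARAMS_EVIL)}"
  puts "safe:       #{conditions_safe(PARAMS_EVIL)}"
  puts "escaped:    #{escape_for_html("<script>alert(1)</script>")}"
end
```

With the hostile value, the interpolated clause reads `login = 'x' OR '1'='1'` and matches every row, while the bound form yields `login = 'x'' OR ''1''=''1'`, a comparison against one literal string. The same principle covers the XSS case: data from `params` is never safe to emit raw into a view, and escaping at output time is the check to add regardless of what validation ran at input time.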