
Security on Rails




Security on Rails provides you with the tools and techniques to defend your Rails applications against attackers. Do you have a well-developed plan to test your application from a security perspective? Do you need more sophisticated access control? With Security on Rails, you can conquer the bad guys who are trying to exploit your application. You’ll see the very techniques that hackers use, and then journey through this full-fledged guide for writing secure Rails applications.

Customer Reviews

This book is the life preserver that Ruby on Rails developers need to
keep them from drowning in a sea of security problems.

- John Viega

CTO, Software-as-a-Service, McAfee, Inc.

Security on Rails is a good book to take security in Rails applications
a step further. It includes detailed guides for how to implement
advanced security technologies in Rails. Once again, it illustrates how
secure Rails apps can be.

- Heiko Webers

CEO of bauland42, Ruby on Rails Security Project

Do not deploy your next Rails application until you’ve read this book.
This book details both common and uncommon security issues that
you need to be aware of, whether you’re working for yourself or for a
large enterprise. It’s a “must have” for the beginning or intermediate
Rails developer.

- Brian Hogan

Rails consultant and trainer

Security on Rails is not a mere tutorial on how to beef up your application,
but a rich opportunity to learn what vulnerabilities exist and
how they’re exploited. The reader is taught not only the solutions, but
how they were derived. This is a must for anyone who hosts a Rails

- Kevin W. Gisi

Ruby on Rails developer

A thorough and comprehensive guide to the most common security
issues faced by Rails developers, this book provides real code examples
of security concerns and exploits and covers how to mitigate
them in a Rails application and make it more secure.

- Tore Darell

Ruby on Rails developer


About this Title

Pages: 304
Published: 2009-12-08
Release: P1.0 (2009-12-08)
ISBN: 978-1-93435-648-7

The advantage of using Rails is its agility; it makes developing your web applications easy and fast. The disadvantage is that it can leave holes in your security if you are not aware of common vulnerabilities. It’s a nerve-wracking and unfortunate fact that there are plenty of malicious people lurking on the Web. As a Rails developer, it is essential that you understand how to assess risk and protect your data and your users.

Security on Rails uses established security principles to teach you how to write more secure software, defend your applications from common threats, and encrypt your data. We’ll give you an example of a hacking exploit, and explore how to fix the weaknesses in an application.

You’ll learn the steps you need to take to control access to information and authenticate users, including cryptography concepts and authorization. In addition, you’ll see how to integrate your applications with external management systems; in short, the crucial details you must consider to protect yourself and your data.

The most important element of security is to plan for it before it becomes an issue. Security on Rails helps beginner and intermediate developers to take control of their applications and guard against attacks.

Contents & Extracts

Table of Contents


  • Getting Started
    • Hacking The Example excerpt
    • Fixing The Example
  • Building on the Basics
    • Testing for Security
    • Validation
    • Authentication: Decentralized Authentication
    • Authorization
    • Data Protection using Cryptography excerpt
    • Digital Signatures and Email
    • SSO: Centralized Authentication
  • Reference
    • Web Application Proxies
    • Authentication Appendix


Ben Poweski has developed software for the last decade for the business world and as an entrepreneur. When Ben is not working on his software projects, he enjoys riding his road bike through the suburbs of Dallas, playing guitar, and spending time with his family.

David Raphael works as a software development manager for McAfee, Inc. When not spending time with his son, David enjoys reading science fiction, playing guitar, and amateur photography.