small medium large xlarge

Security on Rails


Cover image for Security on Rails

Security on Rails


Security on Rails provides you with the tools and techniques to defend your Rails applications against attackers. Do you have a well-developed plan to test your application from a security perspective? Do you need more sophisticated access control? With Security on Rails, you can conquer the bad guys who are trying to exploit your application. You’ll see the very techniques that hackers use, and then journey through this full-fledged guide for writing secure Rails applications.

About this Title

Pages: 304
Published: 2009-12-08
Release: P1.0 (2009-12-08)
ISBN: 978-1-93435-648-7

The advantage of using Rails is its agility; it makes developing your web applications easy and fast. The disadvantage is that it can leave holes in your security if you are not aware of common vulnerabilities. It’s a nerve-wracking and unfortunate fact that there are plenty of malicious people lurking on the Web. As a Rails developer, it is essential that you understand how to assess risk and protect your data and your users.

Security on Rails uses established security principles to teach you how to write more secure software, defend your applications from common threats, and encrypt your data. We’ll give you an example of a hacking exploit, and explore how to fix the weaknesses in an application.

You’ll learn the steps you need to take to control access to information and authenticate users, including cryptography concepts and authorization. In addition, you’ll see how to integrate your applications with external management systems; in short, the crucial details you must consider to protect yourself and your data.

The most important element of security is to plan for it before it becomes an issue. Security on Rails helps beginner and intermediate developers to take control of their applications and guard against attacks.

Read the reviews .

Contents & Extracts

Table of Contents


  • Getting Started
    • Hacking The Example excerpt
    • Fixing The Example
  • Building on the Basics
    • Testing for Security
    • Validation
    • Authentication: Decentralized Authentication
    • Authorization
    • Data Protection using Cryptography excerpt
    • Digital Signatures and Email
    • SSO: Centralized Authentication
  • Reference
    • Web Application Proxies
    • Authentication Appendix


Ben Poweski has developed software for the last decade for the business world and as an entrepreneur. When Ben is not working on his software projects, he enjoys riding his road bike through the suburbs of Dallas, playing guitar, and spending time with his family.

David Raphael works as a software development manager for McAfee, Inc. When not spending time with his son, David enjoys reading science fiction, playing guitar, and amateur photography.