small medium large xlarge

Security on Rails

by

Cover image for Security on Rails

Security on Rails

by

Security on Rails provides you with the tools and techniques to defend your Rails applications against attackers. Do you have a well-developed plan to test your application from a security perspective? Do you need more sophisticated access control? With Security on Rails, you can conquer the bad guys who are trying to exploit your application. You’ll see the very techniques that hackers use, and then journey through this full-fledged guide for writing secure Rails applications.

Customer Reviews

This book is the life preserver that Ruby on Rails developers need to keep them from drowning in a sea of security problems.

- John Viega

CTO, Software-as-a-Service, McAfee, Inc.

Security on Rails is a good book to take security in Rails applications a step further. It includes detailed guides for how to implement advanced security technologies in Rails. Once again, it illustrates how secure Rails apps can be.

- Heiko Webers

CEO of bauland42, Ruby on Rails Security Project

Do not deploy your next Rails application until you’ve read this book. This book details both common and uncommon security issues that you need to be aware of, whether you’re working for yourself or for a large enterprise. It’s a “must have” for the beginning or intermediate Rails developer.

- Brian Hogan

Rails consultant and trainer

Security on Rails is not a mere tutorial on how to beef up your application, but a rich opportunity to learn what vulnerabilities exist and how they’re exploited. The reader is taught not only the solutions, but how they were derived. This is a must for anyone who hosts a Rails application.

- Kevin W. Gisi

Ruby on Rails developer

A thorough and comprehensive guide to the most common security issues faced by Rails developers, this book provides real code examples of security concerns and exploits and covers how to mitigate them in a Rails application and make it more secure.

- Tore Darell

Ruby on Rails developer

See All Reviews

About this Title

Pages: 304
Published: 2009-12-08
Release: P1.0 (2009-12-08)
ISBN: 978-1-93435-648-7

The advantage of using Rails is its agility; it makes developing your web applications easy and fast. The disadvantage is that it can leave holes in your security if you are not aware of common vulnerabilities. It’s a nerve-wracking and unfortunate fact that there are plenty of malicious people lurking on the Web. As a Rails developer, it is essential that you understand how to assess risk and protect your data and your users.

Security on Rails uses established security principles to teach you how to write more secure software, defend your applications from common threats, and encrypt your data. We’ll give you an example of a hacking exploit, and explore how to fix the weaknesses in an application.

You’ll learn the steps you need to take to control access to information and authenticate users, including cryptography concepts and authorization. In addition, you’ll see how to integrate your applications with external management systems; in short, the crucial details you must consider to protect yourself and your data.

The most important element of security is to plan for it before it becomes an issue. Security on Rails helps beginner and intermediate developers to take control of their applications and guard against attacks.

Contents & Extracts

Table of Contents

Introduction

  • Getting Started
    • Hacking The Example excerpt
    • Fixing The Example
  • Building on the Basics
    • Testing for Security
    • Validation
    • Authentication: Decentralized Authentication
    • Authorization
    • Data Protection using Cryptography excerpt
    • Digital Signatures and Email
    • SSO: Centralized Authentication
  • Reference
    • Web Application Proxies
    • Authentication Appendix

Author

Ben Poweski has developed software for the last decade for the business world and as an entrepreneur. When Ben is not working on his software projects, he enjoys riding his road bike through the suburbs of Dallas, playing guitar, and spending time with his family.

David Raphael works as a software development manager for McAfee, Inc. When not spending time with his son, David enjoys reading science fiction, playing guitar, and amateur photography.