Security on Rails provides you with the tools and techniques to defend your Rails applications against attackers. Do you have a well-developed plan to test your application from a security perspective? Do you need more sophisticated access control? With Security on Rails, you can conquer the bad guys who are trying to exploit your application. You’ll see the very techniques that hackers use, and then journey through this full-fledged guide for writing secure Rails applications.

Out of Print

This book is currently out of print.

About this Book

  • 304 pages
  • Published:
  • Release: P1.0 (2009-12-08)
  • ISBN: 978-1-93435-648-7

The advantage of using Rails is its agility; it makes developing your web applications easy and fast. The disadvantage is that it can leave holes in your security if you are not aware of common vulnerabilities. It’s a nerve-wracking and unfortunate fact that there are plenty of malicious people lurking on the Web. As a Rails developer, it is essential that you understand how to assess risk and protect your data and your users.

Security on Rails uses established security principles to teach you how to write more secure software, defend your applications from common threats, and encrypt your data. We’ll give you an example of a hacking exploit, and explore how to fix the weaknesses in an application.

You’ll learn the steps you need to take to control access to information and authenticate users, including cryptography concepts and authorization. In addition, you’ll see how to integrate your applications with external management systems; in short, the crucial details you must consider to protect yourself and your data.

The most important element of security is to plan for it before it becomes an issue. Security on Rails helps beginner and intermediate developers to take control of their applications and guard against attacks.

Contents and Extracts

Table of Contents


  • Getting Started
    • Hacking The Example excerpt
    • Fixing The Example
  • Building on the Basics
    • Testing for Security
    • Validation
    • Authentication: Decentralized Authentication
    • Authorization
    • Data Protection using Cryptography excerpt
    • Digital Signatures and Email
    • SSO: Centralized Authentication
  • Reference
    • Web Application Proxies
    • Authentication Appendix

About the Author

Ben Poweski has developed software for the last decade for the business world and as an entrepreneur. When Ben is not working on his software projects, he enjoys riding his road bike through the suburbs of Dallas, playing guitar, and spending time with his family.

David Raphael works as a software development manager for McAfee, Inc. When not spending time with his son, David enjoys reading science fiction, playing guitar, and amateur photography.

Comments and Reviews

  • This book is the life preserver that Ruby on Rails developers need to keep them from drowning in a sea of security problems.

    —John Viega CTO, Software-as-a-Service McAfee, Inc.
  • Security on Rails is a good book to take security in Rails applications a step further. It includes detailed guides for how to implement advanced security technologies in Rails. Once again, it illustrates how secure Rails apps can be.

    —Heiko Webers CEO of bauland42, Ruby on Rails Security Project
  • Do not deploy your next Rails application until you’ve read this book. This book details both common and uncommon security issues that you need to be aware of, whether you’re working for yourself or for a large enterprise. It’s a “must have” for the beginning or intermediate Rails developer.

    —Brian Hogan Rails consultant and trainer
  • Security on Rails is not a mere tutorial on how to beef up your application, but a rich opportunity to learn what vulnerabilities exist and how they’re exploited. The reader is taught not only the solutions, but how they were derived. This is a must for anyone who hosts a Rails application.

    —Kevin W. Gisi Ruby on Rails developer
  • A thorough and comprehensive guide to the most common security issues faced by Rails developers, this book provides real code examples of security concerns and exploits and covers how to mitigate them in a Rails application and make it more secure.

    —Tore Darell Ruby on Rails developer