24C3 - 1.01

24th Chaos Communication Congress
Volldampf voraus!

Speakers
Jonathan Weiss
Programme
Day Day 4 (2007-12-30)
Room Saal 2
Start 14:00
Duration 01:00
Info
ID 2252
Event type lecture
Track Hacking
Language en
Feedback

Ruby on Rails Security

This talk will focus on the security of the Ruby on Rails web framework. Some dos and don'ts will be presented, along with security best practices for common attacks such as session fixation, XSS, SQL injection, and deployment weaknesses.

Even though Ruby on Rails introduces many best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days, and every Rails developer should have an idea of the different opportunities their application presents to an attacker.

This talk will cover most of the common web application vulnerabilities, including Cross Site Scripting and Cross Site Request Forgery, SQL and code injection, and deployment security, and how they apply to Rails. Rails-specific issues such as plugin security, JavaScript/Ajax security, and Rails configuration will then be examined and best practices introduced.