Chapters

1. Common security problems
1. SQL Injection
• The problem
• How to protect your application
• Using arbitrary strings in conditions and SQL statements
• Extracting queries into model methods
2. Cross Site Scripting (CSS/XSS)
• The problem
• Example of an attack
• How to protect your application
• XSS attacks using an echo service
2. Typical mistakes in Rails applications
1. Creating records directly from form parameters
• The problem
• The solution

Options

exports
recent changes
rss 2.0 | atom

Authors

Login Signup

About "Securing your Rails application"

This manual describes common security problems in web applications and how to avoid them with Rails. If you have any questions or suggestions, please mail me at ror(at)andreas-s.net.

Contents

1. Common security problems
1. SQL Injection
• The problem
• How to protect your application
• Using arbitrary strings in conditions and SQL statements
• Extracting queries into model methods
2. Cross Site Scripting (CSS/XSS)
• The problem
• Example of an attack
• How to protect your application
• XSS attacks using an echo service
2. Typical mistakes in Rails applications
1. Creating records directly from form parameters
• The problem
• The solution