Ben Poweski and David Raphael released a Rails security book, Security on Rails, in 2009 with The Pragmatic Programmers. It is still available in some shops. The topics include:
- Hacking the example application and fixing these exploits:
  - Manipulating parameters
  - Broken authentication
  - SQL Injection
  - Cross-Site Scripting
  - Cross-Site Request Forgery
- Rails security and tests
- Validations
- Authentication
- Authorization
- Cryptography
- Digital Signatures and Emails
- SSO: Centralized Authentication