Here are my slides for my talk at the RubyFools Conference in Copenhagen, home of Rails. It was about advanced Rails security topics, including:
- Injection in different contexts
- Whitelists vs. Blacklists
- Cross-Site Request Forgery (CSRF)
- Intranet and Admin security
- Session fixation
- Login security
- User management
- CookieStore
- Working with files
- The idea of negative CAPTCHAs