Ruby on Rails Security Project

Hand-picked Rails security resources

Projects Archive

Ruby method and class injection

A class name in user input: Anything can happen.

Excel Injection via Rails downloads

A = in a name could make Excel run macros.

Rails SQL Injection with LIKE

Injection of % wildcards into SQL LIKE patterns is common and may lead to slow, long-running queries.

CSS Injection in Rails

Can CSS from the user do any harm?

A Content Security Policy (CSP) strategy

CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).

Cross-Site Request Forgery and Rails

CSRF explained and all related questions answered

Secure configuration of Rails applications

Store secrets in the environment variables, secure and manage them

Command injection in Rails

Injecting parameters or entire Unix commands

HTML-safe, ActiveSupport::SafeBuffer explained

How exactly does Rails’ XSS protection work?

XSS protection in Haml templates

Haml templates support Rails’ XSS protection

About

Hand-picked quality Rails security resources © 2006-today by bauland42 (relaunch in 2015)