Security on Rails (2009)

Ben Poweski and David Raphael published a Rails security book with The Pragmatic Programmers in 2009; it is still available from some booksellers. The topics include:

  • Hacking the example and fixing these exploits:
    • Manipulating parameters
    • Broken authentication
    • SQL Injection
    • Cross-Site Scripting
    • Cross-Site Request Forgery
  • Rails security and tests
  • Validations
  • Authentication
  • Authorization
  • Cryptography
  • Digital Signatures and Emails
  • SSO: Centralized Authentication