CSC/ECE 517 Fall 2014/ch1a 23 ss: Difference between revisions
Jump to navigation
Jump to search
| Line 35: | Line 35: | ||
= Reference = | = Reference = | ||
http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/ | http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/ | ||
http://guides.rubyonrails.org/security.html | |||
Revision as of 02:16, 17 September 2014
Security Features in Rails 4.x
This wiki aims to highlight all the security features in a popular web application framework: Rails 4.x
Threats Against Web Applications
The threats against web applications include
user account hijacking
Session Hijacking
Cross-Site Request Forgery (CSRF)
bypass of access control
reading or modifying sensitive data
presenting fraudulent content
Trojan horse
Security Enhancements
CSRF via Leaky #match Routes
Regular Expression Anchors in Format Validations
Clickjacking
User-Readable Sessions
Unresolved Issues
Verbose Servers Headers
Binding to 0.0.0.0
Versioned Secret Tokens
Logging Values in SQL statements
Offsite Redirects
Reference
http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/