CSC/ECE 517 Fall 2014/ch1a 23 ss: Difference between revisions

From Expertiza_Wiki
Jump to navigation Jump to search
(Cut Paste)
 
Line 29: Line 29:


= Reference =
= Reference =
[[http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/]]
http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/

Revision as of 18:49, 16 September 2014

Security Features in Rails 4.x

This wiki aims to highlight all the security features in a popular web application framework: Rails 4.x


Threats Against Web Applications

The threats against web applications include

user account hijacking

bypass of access control

reading or modifying sensitive data

presenting fraudulent content

Trojan horse

Security Enhancements

CSRF via Leaky #match Routes

Regular Expression Anchors in Format Validations

Clickjacking

User-Readable Sessions

Unresolved Issues

Verbose Servers Headers

Binding to 0.0.0.0

Versioned Secret Tokens

Logging Values in SQL statements

Offsite Redirects

Reference

http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/