CSC/ECE 517 Fall 2013/ch1 1w20 gq: Difference between revisions
Revision as of 00:56, 17 September 2013
This page explores security in Rails-based web development, focusing on the security features Rails provides and on the measures and tools that should be considered while developing a Rails application in order to keep it safe.
Background
Web application frameworks are made to help developers build web applications. By itself, however, no framework is more secure than another: the Gartner Group estimates that 75% of attacks are at the web application layer, and found "that out of 300 audited sites, 97% are vulnerable to attack". The threats against web applications include user account hijacking, bypassing of access control, reading or modifying sensitive data, and presenting fraudulent content. An attacker might also be able to install a Trojan horse program or unsolicited e-mail sending software, aiming at financial gain, or cause brand-name damage by modifying company resources.
Ruby on Rails<ref>http://rubyonrails.org/</ref>, an MVC framework, has many features and some clever helper methods that automatically prevent security holes. There are additional tools and gems for Ruby and Rails that can further reduce the risks and handle some of the common programming errors<ref>http://www.sans.org/top25-software-errors/</ref>. In the next section we will see how each of these errors is handled according to its classification, and in the third section we will see how Rails compares with other application frameworks in handling these errors.
Built-in secure features
Tools and plugins
Common security errors and their mitigations
How Ruby and Rails security compares to other platforms
Appendix
References
<references/>