CSC/ECE 517 Fall 2013/ch1 1w20 gq

From Expertiza_Wiki
Revision as of 01:21, 17 September 2013

This page explores security in Rails-based web development, focusing on the security features Rails provides and on the measures and gems that should be considered while developing a Rails application in order to keep it safe.

Background

Web application frameworks are made to help developers build web applications, and some of them also help with securing those applications. No framework is inherently more secure than another, however: the Gartner Group estimates that 75% of attacks are aimed at the web application layer, and found "that out of 300 audited sites, 97% are vulnerable to attack". Threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, and presenting fraudulent content. An attacker might also be able to install a Trojan horse or unsolicited e-mail sending software, seek financial gain, or damage a brand by modifying company resources.

Ruby on Rails<ref>http://rubyonrails.org/</ref>, an MVC web framework, has many features and some clever helper methods that automatically prevent security holes. Additional tools and gems for Ruby and Rails can further reduce the risks and handle some of the most common programming errors<ref>http://www.sans.org/top25-software-errors/</ref>. In the next section we will see how each of these errors is handled according to its classification, and in the third section we will see how Rails compares with other application frameworks in handling them.
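As an added illustration of what "helper methods that automatically prevent security holes" means in practice (this is example code written for this page, not code from Rails itself), the block below contrasts raw string interpolation of user input into HTML with the output escaping that Rails applies to `<%= %>` output by default. It uses only Ruby's standard library: `ERB::Util.html_escape` is the same helper Rails exposes as `h` in views. The attacker-controlled name is a constructed sample input, and `executable_script?` is a deliberately crude check added here just to make the difference visible.

```ruby
require 'erb'

# Constructed sample input standing in for a user-supplied profile name
# (not taken from the original page).
ATTACKER_NAME = %q{<script>alert("xss")</script>}

# The hole: user data interpolated straight into markup. A browser would
# execute the embedded script.
def render_unsafe(name)
  "<p>Hello, #{name}!</p>"
end

# The helper: ERB::Util.html_escape (aliased `h` in Rails views) neutralises
# & < > " ' so the payload renders as inert text. Rails applies this
# automatically to <%= %> output; plain stdlib ERB does not, so the call is
# explicit here.
def render_escaped(name)
  "<p>Hello, #{ERB::Util.html_escape(name)}!</p>"
end

# The same protection inside an ERB template, the form Rails views take.
GREETING_TEMPLATE = '<p>Hello, <%= ERB::Util.html_escape(name) %>!</p>'

def render_template(name)
  ERB.new(GREETING_TEMPLATE).result_with_hash(name: name)
end

# Crude check used only to make the difference visible: does the rendered
# HTML still contain a live <script> tag?
def executable_script?(html)
  html.match?(%r{<script\b}i)
end

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(ATTACKER_NAME)    # script tag survives
  puts render_escaped(ATTACKER_NAME)   # &lt;script&gt;... is harmless text
  puts render_template(ATTACKER_NAME)  # same result from the template
end
```

Note that `html_escape` only protects an HTML text context; data placed inside a `<script>` block, an attribute such as `href`, or a URL needs context-specific escaping instead.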

Built-in secure features

Tools and gems

Common security errors and their mitigations

How Ruby and Rails security compares to other platforms

Appendix

References


<references/>