CSC/ECE 517 Fall 2014/ch1a 23 ss: Difference between revisions

Revision as of 00:37, 17 September 2014

Security Features in Rails 4.x

This wiki page highlights the security features of a popular web application framework, Rails 4.x.


Threats Against Web Applications

The threats against web applications include:

- User account hijacking
  - Session hijacking
  - Cross-Site Request Forgery (CSRF)
- Bypass of access control
- Reading or modifying sensitive data
- Presenting fraudulent content
- Trojan horse

Security Enhancements

CSRF via Leaky #match Routes

Regular Expression Anchors in Format Validations

Clickjacking

User-Readable Sessions

Unresolved Issues

Verbose Server Headers

Binding to 0.0.0.0

Versioned Secret Tokens

Logging Values in SQL statements

Offsite Redirects

References

http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/