
Securing Your Rails App

Jim Weirich (Neo Innovation), Matt Yoho (EdgeCase)
General
Location: Ballroom II
Average rating: **** (4.07, 30 ratings)

“Then it starts to scan the computer and transmit bits of
information every time he clicks the mouse while he’s surfing. After
a while, […] we’ve accumulated a complete mirror image of the
content of his hard drive […]. And then it’s time for the hostile
takeover.”

— Lisbeth Salander in Stieg Larsson’s “The Girl with the Dragon Tattoo”

Hacker dramas like the Stieg Larsson book make for good fiction, but
we know that real life rarely matches drama. And with all the
security features that Rails 3 has added, surely it is difficult to
hack a typical Rails web site.

Right?

Wrong! Without deliberate attention to the details of security, it
is almost certain that your site has flaws that a knowledgeable
attacker can exploit. This talk will cover the ins and outs of web
security and help you build a site that is protected from the real
Lisbeth Salanders of the world.

Jim Weirich

Neo Innovation

Jim Weirich is the Chief Scientist for EdgeCase LLC, a Rails development firm located in Columbus Ohio. Jim has over twenty-five years of experience in software development. He has worked with real-time data systems for testing jet engines, networking software for information systems, and image processing software for the financial industry. Jim is active in the Ruby community and has contributed to several Ruby projects, including the Rake build system and the RubyGems package software.

Matt Yoho

EdgeCase

Matt Yoho is a developer and agile enthusiast with a love for Ruby and the web who works for EdgeCase, LLC in Columbus, OH. He is a supporter of the Software Craftsmanship movement and is the coordinator of the apprenticeship program at EdgeCase. A teacher, trainer, and speaker when possible, he likes comic books, karaoke, Free Software, and sweet potato fries. He is one fairly hep cat.

Comments

Joey Butler
05/19/2011 5:55pm EDT

Great presentation style and delivery. An additional resource for XSS would be ha.ckers.org/xss.html. It really goes in depth and gives examples of unicode and base-encoding examples.

05/19/2011 3:26pm EDT

Slow start but quickly jumped into advanced topics that are hard to understand from reading on your own; very helpful.

Jeffrey Cutler
05/19/2011 11:58am EDT

I look forward to demoing the security problems outlined in my local Ruby Brigade meeting! Great presentation!

Iain Hecker
05/19/2011 11:57am EDT

Very good introduction on the basics, good demos, very clear.

05/19/2011 11:55am EDT

Really appreciated all the concrete examples. Thanks for taking the time to plan demos of each point you discussed. Great job!