From Rails Security to Application Security

Carsten Bormann (Universität Bremen, TZI), Steffen Bartsch (TZI, Universität Bremen)
14:30 Thursday, 4-09-2008
Location: Saal Maritim C
Average rating: 3.07 (14 ratings)

Much has been said about Rails security in the sense of protecting Rails deployments against a number of known attacks. However, preventing technical vulnerabilities does not mean your Rails application actually is secure: each application has its own security objectives, which are as hard for a developer to discover as any other domain-specific requirement.

When classical security engineering is used to gather the security requirements, the resulting security model may turn into a straitjacket and harm the application's overall usability. In effect, importing waterfall thinking forfeits the advantages of agile web development and of the Rails framework in this area. Worse, disappointing user acceptance can lead to premature project termination.

In this talk, we will discuss approaches to elicit the actual security requirements of a Rails application in a small-to-medium enterprise and how to map these requirements into actionable elements of a Rails application.

Carsten Bormann

Universität Bremen, TZI

Carsten Bormann, Honorarprofessor for Internet technology at the Universität Bremen, is a protocol designer at heart, a standardization geek by necessity, and an author of the first German-language book on AJAX.

Carsten regularly teaches on agile web development, Rails, and AJAX topics.


Steffen Bartsch

TZI, Universität Bremen

Steffen Bartsch is a researcher at TZI, Universität Bremen, currently involved in security- and Rails-related research projects with small businesses.

RailsConf Europe is co-presented by Ruby Central, Inc. and O'Reilly.