Security on Rails

Jonathan Weiss (Peritor GmbH)
15:20 Wednesday, 3-09-2008
General
Location: Saal Maritim B
Presentation: Security on Rails Presentation [PDF]

Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days, and every Rails developer should have an idea of the different possibilities that his application presents to an attacker.

This talk will cover most of the common web application vulnerabilities, such as Cross Site Scripting, Cross Site Request Forgery, and SQL and code injection, as well as deployment security, and how they apply to Rails. In addition, Ruby on Rails-specific issues such as Rails plugin security, JavaScript/Ajax security, and Rails deployment security will be examined and best practices introduced.

Jonathan Weiss

Peritor GmbH

Jonathan Weiss is a Ruby consultant and partner at Peritor Wissensmanagement GmbH in Berlin, Germany. In recent years he has been developing and consulting on large Ruby on Rails projects, where he has focused on scalability and security. He is an active member of the Ruby and Rails community and is the developer of the open source deployment tool Webistrano. In his spare time he maintains Rubygems and Rails in the FreeBSD Ports system.
