March 12, 2013

Rails Application Security in Practice

by Bryan Helmkamp

Out of the box, Rails does its best to help you secure your app. Unfortunately, without consistent application of secure development principles, practices and tools, it's just a matter of time before vulnerabilities creep in. Despite Rails' secure defaults, most Rails applications have vulnerabilities, many of which are easy to detect and fix. As a community, increased awareness and understanding of web application security put us in the best position to avoid breaches (like the GitHub SSH key fiasco) and keep our businesses safe. The best time to start locking down your app is now, not after your first close call (or worse). We'll walk through exactly what you need to reduce the risk of a security breach to your business, beyond the Rails defaults.

