Sessions at RailsConf 2012 about Security and Ruby on Rails on Tuesday 24th April

Your current filters are…

Clear
  • Keeping Rails Applications on Track with Brakeman

    by Justin Collins

    A recent report by Veracode (http://www.veracode.com/reports/...) found cross-site scripting in 68% of surveyed web applications and SQL injection in 32%, even though these are well-known, easily preventable, and easily detectable vulnerabilities. As applications grow larger, it becomes harder and harder to manually verify that every line of code is adhering to security guidelines - even given the built-in protection available with Ruby on Rails.

    Brakeman (http://brakemanscanner.org/) is an open source static analysis tool which provides painless vulnerability scans of Rails code from "rails new" through deployment. Running Brakeman as a part of continuous integration provides feedback during all stages of development and can alert developers immediately when a potential vulnerability is introduced. Bringing security testing as close to the developer as possible (even scanning as files are saved) means security problems are caught faster - and the sooner problems are found the cheaper they are to fix.

    As a static analysis tool, Brakeman can be run without worrying about deploying the whole application stack: no webserver, database, configuration, or application dependencies required - not even Rails itself. This allows fast, easy vulnerability scans on any Rails project.

    We talk a lot about testing in the Ruby and Rails community, but somehow security testing is passed over. This needs to change!

    This talk will cover how to incorporate Brakeman into Rails development and how it can improve application security, as well as a look into how Brakeman works internally.

    At 1:30pm to 2:15pm, Tuesday 24th April

    In Salon J, Hilton Austin Downtown

    Coverage video

  • Securing the Rails

    by Aaron Bedra

    Building safe web applications isn’t always easy. The good news is that Rails provides a lot of features that will help you along the way. Aaron will walk you through the common mistakes made by web developers, and how to account for them while working with Rails. He will also walk you through some tools you can use to make securing your applications much much easier.

    At 4:00pm to 4:30pm, Tuesday 24th April

    In Room 616, Hilton Austin Downtown

Schedule incomplete?

Add a new session

Filter by Day

Filter by coverage

Filter by Topic

Filter by Venue

Filter by Space