Sessions at RailsConf 2012 on Web Application Security, Security, and Ruby on Rails


Monday 23rd April 2012

  • Securing your site

    by Thomas Pomfret

    Rails makes it very easy to rapidly develop web applications, but doesn’t always make it so simple to deploy or secure them.

    This talk is going to focus on best practices to secure your Rails application, learnt through multiple high-profile projects and penetration tests. The talk will be practical and show that this isn’t necessarily hard if thought about from the start.

    We’ll also touch on getting the right balance of security without it getting in the way of the users.

    At 4:00pm to 4:45pm, Monday 23rd April

    In Salon J, Hilton Austin Downtown

Tuesday 24th April 2012

  • Keeping Rails Applications on Track with Brakeman

    by Justin Collins

    A recent report by Veracode (http://www.veracode.com/reports/...) found cross-site scripting in 68% of surveyed web applications and SQL injection in 32%, even though these are well-known, easily preventable, and easily detectable vulnerabilities. As applications grow larger, it becomes harder and harder to manually verify that every line of code is adhering to security guidelines - even given the built-in protection available with Ruby on Rails.

    Brakeman (http://brakemanscanner.org/) is an open source static analysis tool which provides painless vulnerability scans of Rails code from "rails new" through deployment. Running Brakeman as a part of continuous integration provides feedback during all stages of development and can alert developers immediately when a potential vulnerability is introduced. Bringing security testing as close to the developer as possible (even scanning as files are saved) means security problems are caught faster - and the sooner problems are found the cheaper they are to fix.

    As a static analysis tool, Brakeman can be run without worrying about deploying the whole application stack: no webserver, database, configuration, or application dependencies required - not even Rails itself. This allows fast, easy vulnerability scans on any Rails project.

    We talk a lot about testing in the Ruby and Rails community, but somehow security testing is passed over. This needs to change!

    This talk will cover how to incorporate Brakeman into Rails development and how it can improve application security, as well as a look into how Brakeman works internally.

    At 1:30pm to 2:15pm, Tuesday 24th April

    In Salon J, Hilton Austin Downtown


  • Securing the Rails

    by Aaron Bedra

    Building safe web applications isn’t always easy. The good news is that Rails provides a lot of features that will help you along the way. Aaron will walk you through the common mistakes made by web developers, and how to account for them while working with Rails. He will also walk you through some tools you can use to make securing your applications much, much easier.

    At 4:00pm to 4:30pm, Tuesday 24th April

    In Room 616, Hilton Austin Downtown
