The slides from the 24C3 session "Ruby on Rails Security" by Jonathan Weiss, 30.12.2007. …
The slides from the 24C3 session "Ruby on Rails Security" by Jonathan Weiss, 30.12.2007.
Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days and every Rails developer should have an idea about the different possibilities that his application presents to an attacker.