26 : Ruby on Rails Security & OWASP RailsGoat
The Web Platform Podcast · The Web Platform Podcast
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
While working to secure Rails applications in a truly Agile development environment, it became clear to Ken Johnson (@cktricky), CTO of nVisium Security, and Mike McCabe (@mccabe615) that the Rails community needed attention to security in the form of free and open training. The events that have transpired this past year have only reinforced that belief. RailsGoat, an OWASP project, is an attempt to bring attention to both the problems that most frequently occur in Rails, solutions for remediation, and common attack scenarios. Ken, Mike, and their contributors built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.
Resources
-
Brakeman - http://brakemanscanner.org/
-
RailsGoat - http://railsgoat.cktricky.com/
-
OWASP - https://www.owasp.org/
-
OWASP NoVA - http://www.meetup.com/OWASP-Northern-Virginia-Chapter/
-
Rails Security Guide - http://guides.rubyonrails.org/security.html
-
RoR Security Google Group - https://groups.google.com/forum/#!forum/rubyonrails-security
-
DevOops Video - https://www.youtube.com/watch?v=1kPw3tHt2oo
-
DevOops Slides - http://www.slideshare.net/chrisgates/lascon-2014-devooops
-
Ensnare Gem - https://github.com/ahoernecke/ensnare