forgot to tag a couple of sections as slides

1 parent 9b196f9 commit 25dacef65a4a6227ff45d07c4bb8718725ad2d70 @abedra committed Apr 24, 2012
Showing with 9 additions and 9 deletions.
  1. +2 −2 securing-the-rails.org
  2. +7 −7 slides.html
4 securing-the-rails.org
@@ -112,7 +112,7 @@
:expire_after => 60.minutes
#+end_src
- See XSS section
-** A note about cookie based session storage
+** A note about cookie based session storage :slide:
- As a general rule of thumb, you should only store data that is absolutely critical to maintain the state of your application
- In other words, don't put anything but a user id in your session data
- Rails cookie store data might look encrypted, but it is only base64 encoded, making it very easy to decode the information once it is stolen
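Review bot: The third bullet under the newly tagged heading says the cookie data is "only base64 encoded" and easy to decode "once it is stolen", but base64 needs no theft to read: the user who holds the cookie can decode it too. Now that this section renders as a slide, consider rewording that bullet to cover data you would not want the user to see either, which is the stronger reason behind the "don't put anything but a user id" rule in the bullet above it.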
@@ -150,7 +150,7 @@
** Possible outcomes of improper exception handling/notification :slide:
- Attackers gain information about your system and use it against you as they form more focused attacks
- Users perform denial of service (DoS) attacks against your system by triggering floods of exceptions, which are expensive to process
-** What should you do?
+** What should you do? :slide:
- Test! I'm not talking about unit testing here, I mean get people to actually click around any try to produce exceptions
- Monitor your logs for exceptional situations and fix them immediately, no matter how insignificant they seem
- If you are using a third party system, ensure that your data is travelling over SSL
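Review bot: The first bullet under "What should you do?" has a typo: "click around any try to produce exceptions" should read "and try". Since this heading now becomes a slide, fix it in the same change. The last bullet could also name which data is meant (the exception notifications sent to the third party system, going by the section title) so the slide stands on its own.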
14 slides.html
@@ -7,7 +7,7 @@
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
<meta name="title" content="Securing the Rails"/>
<meta name="generator" content="Org-mode"/>
-<meta name="generated" content="2012-04-24 11:16:27 CDT"/>
+<meta name="generated" content="2012-04-24 11:48:03 CDT"/>
<meta name="author" content="Aaron Bedra"/>
<meta name="description" content=""/>
<meta name="keywords" content=""/>
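Review bot: The only change in this hunk is the "generated" timestamp, which shows slides.html is Org-mode export output checked in beside its source. Every export will produce timestamp-only diffs like this one, plus the matching "Date:" line in the postamble. Consider dropping the generated file from version control or suppressing the timestamp in the export so that reviews show only content changes.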
@@ -436,7 +436,7 @@ <h3 id="sec-8-2"><span class="section-number-3">8.2</span> What should you do? &
</div>
<div id="outline-container-8-3" class="outline-3">
-<h3 id="sec-8-3"><span class="section-number-3">8.3</span> A note about cookie based session storage</h3>
+<h3 id="sec-8-3"><span class="section-number-3">8.3</span> A note about cookie based session storage &nbsp;&nbsp;&nbsp;<span class="tag"><span class="slide">slide</span></span></h3>
<div class="outline-text-3" id="text-8-3">
<ul>
@@ -570,7 +570,7 @@ <h3 id="sec-10-1"><span class="section-number-3">10.1</span> Possible outcomes o
</div>
<div id="outline-container-10-2" class="outline-3">
-<h3 id="sec-10-2"><span class="section-number-3">10.2</span> What should you do?</h3>
+<h3 id="sec-10-2"><span class="section-number-3">10.2</span> What should you do? &nbsp;&nbsp;&nbsp;<span class="tag"><span class="slide">slide</span></span></h3>
<div class="outline-text-3" id="text-10-2">
<ul>
@@ -645,13 +645,13 @@ <h2 id="sec-13"><span class="section-number-2">13</span> References &nbsp;&nbsp;
</li>
<li>RoR Security Guide <a href="http://guides.rubyonrails.org/security.html">guides.rubyonrails.org/security.html</a>
</li>
-<li>Practical Software Security <a href="https://github.com/curphey/pss_book">github.com/curphey/pss<sub>book</sub></a>
+<li>Practical Software Security <a href="https://github.com/curphey/pss_book">github.com/curphey/pss_book</a>
</li>
<li>Web Application Hackers Handbook <a href="http://mdsec.net/wahh/">mdsec.net/wahh</a>
</li>
-<li>OWASP Top 10 <a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">www.owasp.org/index.php/Category:OWASP<sub>Top</sub><sub>Ten</sub><sub>Project</sub></a>
+<li>OWASP Top 10 <a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">www.owasp.org/index.php/Category:OWASP_Top_Ten_Project</a>
</li>
-<li>OWASP WebGaot Project <a href="https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">www.owasp.org/index.php/Category:OWASP<sub>WebGoat</sub><sub>Project</sub></a>
+<li>OWASP WebGaot Project <a href="https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">www.owasp.org/index.php/Category:OWASP_WebGoat_Project</a>
</li>
</ul>
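Review bot: The "OWASP WebGaot Project" entry keeps its misspelling on both the removed and the added line, while the link it points to spells it "WebGoat". Correct the label in securing-the-rails.org and re-export rather than editing this generated file by hand.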
@@ -666,7 +666,7 @@ <h2 id="sec-13"><span class="section-number-2">13</span> References &nbsp;&nbsp;
</div>
<div id="postamble">
-<p class="date">Date: 2012-04-24 11:16:27 CDT</p>
+<p class="date">Date: 2012-04-24 11:48:03 CDT</p>
<p class="author">Author: Aaron Bedra</p>
<p class="creator">Org version 7.8.03 with Emacs version 24</p>
<a href="http://validator.w3.org/check?uri=referer">Validate XHTML 1.0</a>
