forgot to tag a couple of sections as slides
abedra committed Apr 24, 2012
1 parent 9b196f9 commit 25dacef
Showing 2 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions securing-the-rails.org
Expand Up @@ -112,7 +112,7 @@
:expire_after => 60.minutes :expire_after => 60.minutes
#+end_src #+end_src
- See XSS section - See XSS section
** A note about cookie based session storage ** A note about cookie based session storage :slide:
- As a general rule of thumb, you should only store data that is absolutely critical to maintain the state of your application - As a general rule of thumb, you should only store data that is absolutely critical to maintain the state of your application
- In other words, don't put anything but a user id in your session data - In other words, don't put anything but a user id in your session data
- Rails cookie store data might look encrypted, but it is only base64 encoded, making it very easy to decode the information once it is stolen - Rails cookie store data might look encrypted, but it is only base64 encoded, making it very easy to decode the information once it is stolen
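Review bot: the `:slide:` tag added on the "** A note about cookie based session storage" heading matches the convention already used on the "** Possible outcomes of improper exception handling/notification :slide:" heading further down, so the tagging itself is fine. One point on the bullets this heading now exposes as a slide: the third bullet ("Rails cookie store data might look encrypted, but it is only base64 encoded") is the observation that motivates the second bullet ("don't put anything but a user id in your session data"), but the slide presents the rule before the reason; consider swapping the second and third bullets so the encoding-is-not-encryption point leads directly into the mitigation.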
Expand Down Expand Up @@ -150,7 +150,7 @@
** Possible outcomes of improper exception handling/notification :slide: ** Possible outcomes of improper exception handling/notification :slide:
- Attackers gain information about your system and use it against you as they form more focused attacks - Attackers gain information about your system and use it against you as they form more focused attacks
- Users perform denial of service (DoS) attacks against your system by triggering floods of exceptions, which are expensive to process - Users perform denial of service (DoS) attacks against your system by triggering floods of exceptions, which are expensive to process
** What should you do? ** What should you do? :slide:
- Test! I'm not talking about unit testing here, I mean get people to actually click around any try to produce exceptions - Test! I'm not talking about unit testing here, I mean get people to actually click around any try to produce exceptions
- Monitor your logs for exceptional situations and fix them immediately, no matter how insignificant they seem - Monitor your logs for exceptional situations and fix them immediately, no matter how insignificant they seem
- If you are using a third party system, ensure that your data is travelling over SSL - If you are using a third party system, ensure that your data is travelling over SSL
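Review bot: typo in the first bullet of this newly tagged slide: "get people to actually click around any try to produce exceptions" should read "and try to produce exceptions". The rest of the hunk is only the `:slide:` tag on "** What should you do?", consistent with the sibling heading at -150.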
Expand Down
14 changes: 7 additions & 7 deletions slides.html
Expand Up @@ -7,7 +7,7 @@
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/> <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
<meta name="title" content="Securing the Rails"/> <meta name="title" content="Securing the Rails"/>
<meta name="generator" content="Org-mode"/> <meta name="generator" content="Org-mode"/>
<meta name="generated" content="2012-04-24 11:16:27 CDT"/> <meta name="generated" content="2012-04-24 11:48:03 CDT"/>
<meta name="author" content="Aaron Bedra"/> <meta name="author" content="Aaron Bedra"/>
<meta name="description" content=""/> <meta name="description" content=""/>
<meta name="keywords" content=""/> <meta name="keywords" content=""/>
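Review bot: the only change in this hunk is the regenerated `generated` timestamp (11:16:27 to 11:48:03), which is export noise rather than content. Since slides.html is produced by Org-mode (see the `generator` meta) from securing-the-rails.org, consider producing it in a build step instead of committing it, or at least suppressing the timestamp in the export, so that diffs of the generated file show only real content changes; the same timestamp churn appears again in the postamble hunk at -666.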
Expand Down Expand Up @@ -436,7 +436,7 @@ <h3 id="sec-8-2"><span class="section-number-3">8.2</span> What should you do? &
</div> </div>


<div id="outline-container-8-3" class="outline-3"> <div id="outline-container-8-3" class="outline-3">
<h3 id="sec-8-3"><span class="section-number-3">8.3</span> A note about cookie based session storage</h3> <h3 id="sec-8-3"><span class="section-number-3">8.3</span> A note about cookie based session storage &nbsp;&nbsp;&nbsp;<span class="tag"><span class="slide">slide</span></span></h3>
<div class="outline-text-3" id="text-8-3"> <div class="outline-text-3" id="text-8-3">


<ul> <ul>
Expand Down Expand Up @@ -570,7 +570,7 @@ <h3 id="sec-10-1"><span class="section-number-3">10.1</span> Possible outcomes o
</div> </div>


<div id="outline-container-10-2" class="outline-3"> <div id="outline-container-10-2" class="outline-3">
<h3 id="sec-10-2"><span class="section-number-3">10.2</span> What should you do?</h3> <h3 id="sec-10-2"><span class="section-number-3">10.2</span> What should you do? &nbsp;&nbsp;&nbsp;<span class="tag"><span class="slide">slide</span></span></h3>
<div class="outline-text-3" id="text-10-2"> <div class="outline-text-3" id="text-10-2">


<ul> <ul>
Expand Down Expand Up @@ -645,13 +645,13 @@ <h2 id="sec-13"><span class="section-number-2">13</span> References &nbsp;&nbsp;
</li> </li>
<li>RoR Security Guide <a href="http://guides.rubyonrails.org/security.html">guides.rubyonrails.org/security.html</a> <li>RoR Security Guide <a href="http://guides.rubyonrails.org/security.html">guides.rubyonrails.org/security.html</a>
</li> </li>
<li>Practical Software Security <a href="https://github.com/curphey/pss_book">github.com/curphey/pss<sub>book</sub></a> <li>Practical Software Security <a href="https://github.com/curphey/pss_book">github.com/curphey/pss_book</a>
</li> </li>
<li>Web Application Hackers Handbook <a href="http://mdsec.net/wahh/">mdsec.net/wahh</a> <li>Web Application Hackers Handbook <a href="http://mdsec.net/wahh/">mdsec.net/wahh</a>
</li> </li>
<li>OWASP Top 10 <a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">www.owasp.org/index.php/Category:OWASP<sub>Top</sub><sub>Ten</sub><sub>Project</sub></a> <li>OWASP Top 10 <a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">www.owasp.org/index.php/Category:OWASP_Top_Ten_Project</a>
</li> </li>
<li>OWASP WebGaot Project <a href="https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">www.owasp.org/index.php/Category:OWASP<sub>WebGoat</sub><sub>Project</sub></a> <li>OWASP WebGaot Project <a href="https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">www.owasp.org/index.php/Category:OWASP_WebGoat_Project</a>
</li> </li>
</ul> </ul>


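Review bot: this hunk changes the References link text so that underscores are no longer exported as subscripts (`pss<sub>book</sub>` becomes `pss_book`, and likewise for the two OWASP links), but no corresponding change appears in the securing-the-rails.org hunks of this commit, so the fix must come from an export option or a source edit outside this diff; please include whatever produced it so the generated file stays reproducible from the source. Separately, a typo carried over unchanged in both versions: "OWASP WebGaot Project" should read "OWASP WebGoat Project", and that fix belongs in the org source, not the HTML.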
Expand All @@ -666,7 +666,7 @@ <h2 id="sec-13"><span class="section-number-2">13</span> References &nbsp;&nbsp;
</div> </div>


<div id="postamble"> <div id="postamble">
<p class="date">Date: 2012-04-24 11:16:27 CDT</p> <p class="date">Date: 2012-04-24 11:48:03 CDT</p>
<p class="author">Author: Aaron Bedra</p> <p class="author">Author: Aaron Bedra</p>
<p class="creator">Org version 7.8.03 with Emacs version 24</p> <p class="creator">Org version 7.8.03 with Emacs version 24</p>
<a href="http://validator.w3.org/check?uri=referer">Validate XHTML 1.0</a> <a href="http://validator.w3.org/check?uri=referer">Validate XHTML 1.0</a>
Expand Down
