TITLE: Securing Your Rails App
PRESENTERS: Jim Weirich and Matt Yoho
Given the many features of Rails that promote good security, one gets the impression that your typical Rails web site is relatively secure. That impression is completely misleading. Without paying deliberate attention to security details, it is almost certain that your application has security flaws. This talk will cover the ins and outs of web security and help you build a secure site.
"Then it starts to scan the computer and transmit bits of information every time he clicks the mouse while he's surfing. After a while, [...] we've accumulated a complete mirror image of the content of his hard drive [...]. And then it's time for the hostile takeover."
-- Lisbeth Salander in Stieg Larsson's "The Girl with the Dragon Tattoo"
Hacker dramas like the Stieg Larsson book make for good fiction, but we know that real life rarely matches drama. And with all the security features that Rails 3 has added, surely it is difficult to hack a typical Rails web site.
Wrong! Without deliberate attention to the details of security, it is almost certain that your site has flaws that a knowledgeable hacker can exploit. This talk will cover the ins and outs of web security and help you build a site that is protected from the real Lisbeth Salanders of the world.