Presenter: Aaron Bedra
Building safe web applications isn’t always easy. The good news is that Rails provides a lot of features that will help you along the way. Aaron will walk you through the common mistakes made by web developers, and how to account for them while working with Rails. He will also walk you through some tools you can use to make securing your applications much much easier.
- XSS - Rails3 automatically escapes output
- CSRF - tokens are built in
- SQL Injection
- Airbrake http://airbrake.io/pages/home
- Exception Notifier
- Splunk - monitoring
- Brakeman http://brakemanscanner.org/
- OWASP WebGoat project
- Web Application Hacker's Handbook
- Pracical Software Security