View: 
Categories
- Active Record
- Active Resource
- Active Support
- Administration
- Ajax
- APIs
- Authentication
- Authorization
- Background Jobs
- Caching
- Code Walkthrough
- Controllers
- Debugging
- Deployment
- eCommerce
- Forms
- Mailing
- Models
- Performance
- Plugins
- Production
- Rack
- Rails 2.0
- Rails 2.1
- Rails 2.2
- Rails 2.3
- Rails 3.0
- Rails 3.1
- Rails 3.2
- Rails 4.0
- Refactoring
- Routing
- Search
- Security
- Testing
- Tools
- Views
Authorization from Scratch Part 2
This finishes the series on building authorization from scratch by refactoring the permission logic into a DSL, restricting authorization with attributes, and combining with strong_parameters to protect params.
(20 minutes)
Authorization from Scratch Part 1
Authorization can be difficult to implement and test because it often involves complex logic that exists throughout the entire app. Here I demonstrate how to test and implement authorization from scratch.
(15 minutes)
Dangers of Session Hijacking
If a user's authentication cookie is sent over an insecure connection it is vulnerable to session hijacking, or more specifically, sidejacking. Learn how this is done, and how you can prevent it.
(6 minutes)
Adding SSL
It is important to protect a user's private information with HTTPS. Here you will learn how to get it working on your local machine, configure Rack SSL, install certificates for production, and more.
(14 minutes)
Brakeman
The Brakeman gem will scan the Ruby code of a Rails application and alert you to common security vulnerabilities.
(8 minutes)
Securing an API
There are many approaches to locking down an API. Here I start off with HTTP Basic authentication then move on to generating a unique token which can be passed through a URL parameter or HTTP header.
(7 minutes)
Hackers Love Mass Assignment (revised)
One of the most common security issues in a Rails application is the mass-assignment vulnerability which allows a user to set any attribute on the model. Learn how to prevent it in this episode.
(6 minutes)
Sortable Table Columns
Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header.
(10 minutes)
Dynamic attr_accessible
It is important to use attr_accessible for security with mass assignment, but what if you need it to be dynamic based on user permissions? See how in this episode.
(9 minutes)
XSS Protection in Rails 3
It is easy to be vulnerable to cross site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping unsafe input.
(8 minutes)