Applied Filters: Free Episodes, Security
Brakeman
Episode #358, Jun 15, 2012, 13 comments

The Brakeman gem will scan the Ruby code of a Rails application and alert you to common security vulnerabilities. (8 minutes)
Dangers of Session Hijacking
Episode #356, Jun 08, 2012, 27 comments

If a user's authentication cookie is sent over an insecure connection, it is vulnerable to session hijacking, or more specifically, sidejacking. Learn how this is done, and how you can prevent it. (6 minutes)
Securing an API
Episode #352, May 23, 2012, 25 comments

There are many approaches to locking down an API. Here I start off with HTTP Basic authentication then move on to generating a unique token which can be passed through a URL parameter or HTTP header. (7 minutes)
Dynamic attr_accessible
Episode #237, Oct 25, 2010, 47 comments

It is important to use attr_accessible for security with mass assignment, but what if you need it to be dynamic based on user permissions? See how in this episode. (9 minutes)
Sortable Table Columns
Episode #228, Aug 23, 2010, 65 comments

Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header. (10 minutes)
XSS Protection in Rails 3
Episode #204, Mar 08, 2010, 31 comments

It is easy to be vulnerable to cross site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping unsafe input. (8 minutes)
7 Security Tips
Episode #178, Sep 07, 2009, 30 comments

Security is important! Here I show seven different security flaws which are common to Rails applications, ranging from mass assignment to CSRF protection. (14 minutes)
PayPal Security
Episode #143, Jan 05, 2009, 44 comments

This episode shows how to encrypt the variables passed to PayPal and verify the authenticity of the payment notifications (IPN). (11 minutes)
Cross Site Scripting
Episode #27, May 04, 2007, 15 comments

Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit. (5 minutes)
Hackers Love Mass Assignment
Episode #26, May 02, 2007, 33 comments

Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its associations. See how a hacker might use this vulnerability and learn how to stop it in this episode. (6 minutes)