Applied filter: Security
Authorization from Scratch Part 2
Episode #386 | Oct 11, 2012 | 38 comments

This finishes the series on building authorization from scratch by refactoring the permission logic into a DSL, restricting authorization with attributes, and combining with strong_parameters to protect params. (20 minutes)
Authorization from Scratch Part 1
Episode #385 | Oct 07, 2012 | 28 comments

Authorization can be difficult to implement and test because it often involves complex logic that exists throughout the entire app. Here I demonstrate how to test and implement authorization from scratch. (15 minutes)
Brakeman
Episode #358 | Jun 15, 2012 | 13 comments

The Brakeman gem will scan the Ruby code of a Rails application and alert you to common security vulnerabilities. (8 minutes)
Adding SSL
Episode #357 | Jun 08, 2012 | 34 comments

It is important to protect a user's private information with HTTPS. Here you will learn how to get it working on your local machine, configure Rack SSL, install certificates for production, and more. (14 minutes)
Dangers of Session Hijacking
Episode #356 | Jun 08, 2012 | 27 comments

If a user's authentication cookie is sent over an insecure connection it is vulnerable to session hijacking, or more specifically, sidejacking. Learn how this is done, and how you can prevent it. (6 minutes)
Securing an API
Episode #352 | May 23, 2012 | 25 comments

There are many approaches to locking down an API. Here I start off with HTTP Basic authentication then move on to generating a unique token which can be passed through a URL parameter or HTTP header. (7 minutes)
Hackers Love Mass Assignment (revised)
Episode #26 | Mar 08, 2012 | 23 comments

One of the most common security issues in a Rails application is the mass-assignment vulnerability which allows a user to set any attribute on the model. Learn how to prevent it in this episode. (6 minutes)
Dynamic attr_accessible
Episode #237 | Oct 25, 2010 | 47 comments

It is important to use attr_accessible for security with mass assignment, but what if you need it to be dynamic based on user permissions? See how in this episode. (9 minutes)
Sortable Table Columns
Episode #228 | Aug 23, 2010 | 67 comments

Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header. (10 minutes)
XSS Protection in Rails 3
Episode #204 | Mar 08, 2010 | 31 comments

It is easy to be vulnerable to cross-site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping unsafe input. (8 minutes)