Applied Filters: Security
Authorization from Scratch Part 2
This finishes the series on building authorization from scratch by refactoring the permission logic into a DSL, restricting authorization with attributes, and combining with strong_parameters to protect params.
(20 minutes)
Authorization from Scratch Part 1
Authorization can be difficult to implement and test because it often involves complex logic that exists throughout the entire app. Here I demonstrate how to test and implement authorization from scratch.
(15 minutes)
Brakeman
The Brakeman gem will scan the Ruby code of a Rails application and alert you to common security vulnerabilities.
(8 minutes)
Adding SSL
It is important to protect a user's private information with HTTPS. Here you will learn how to get it working on your local machine, configure Rack SSL, install certificates for production, and more.
(14 minutes)
Dangers of Session Hijacking
If a user's authentication cookie is sent over an insecure connection, it is vulnerable to session hijacking, or more specifically, sidejacking. Learn how this is done, and how you can prevent it.
(6 minutes)
Securing an API
There are many approaches to locking down an API. Here I start off with HTTP Basic authentication then move on to generating a unique token which can be passed through a URL parameter or HTTP header.
(7 minutes)
Hackers Love Mass Assignment (revised)
One of the most common security issues in a Rails application is the mass-assignment vulnerability which allows a user to set any attribute on the model. Learn how to prevent it in this episode.
(6 minutes)
Dynamic attr_accessible
It is important to use attr_accessible for security with mass assignment, but what if you need it to be dynamic based on user permissions? See how in this episode.
(9 minutes)
Sortable Table Columns
Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header.
(10 minutes)
XSS Protection in Rails 3
It is easy to be vulnerable to cross-site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping unsafe input.
(8 minutes)