Security on Rails

The advantage of using Rails is its agility; it makes developing your web applications easy and fast. The disadvantage is that it can leave holes in your security if you are not aware of common vulnerabilities. It's a nerve-wracking and unfortunate fact that there are plenty of malicious people lurking on the Web. As a Rails developer, it is essential that you understand how to assess risk and protect your data and your users.

Security on Rails uses established security principles to teach you how to write more secure software, defend your applications from common threats, and encrypt your data. We'll give you an example of a hacking exploit, and explore how to fix the weaknesses in an application.

You'll learn the steps you need to take to control access to information and authenticate users, including cryptography concepts and authorization. In addition, you'll see how to integrate your applications with external management systems; in short, the crucial details you must consider to protect yourself and your data.

The most important element of security is to plan for it before it becomes an issue. Security on Rails helps beginner and intermediate developers to take control of their applications and guard against attacks.

304 pages, Paperback

First published January 1, 2009

Ratings & Reviews

Community Reviews

5 stars: 2 (11%)
4 stars: 6 (35%)
3 stars: 7 (41%)
2 stars: 2 (11%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
David Workman (22 reviews, 12 followers), March 3, 2010
This is a fairly good introduction to several important security areas relevant to web development, and how to discover and prevent them in Ruby on Rails web applications.

It has a higher focus on Authentication than I initially expected, but this is a major source of errors in many web applications (prompting the now traditional Rails idiom of "don't do your own authentication, you'll only get it wrong. Use a library instead"). It also focuses on authentication with other systems, namely LDAP, OpenID, Kerberos and CAS. If you have a need to create a Rails application that uses any of these, or to get some ideas for integrating with a more esoteric system (or just one not covered, like OAuth or Facebook Connect), then this may be a worthwhile book to read.

There is also some coverage of topics covered slightly in other books, such as the idea of using Rails filters to implement transparent encryption of data in the database for added database store security. This is mentioned in Agile Web Development with Rails, but covered much more fully here, with cryptography concepts better explored.

Overall, the book is a fairly solid introduction to common key security concepts. It is a good foundation and covers stuff that all developers should be aware of, but if you want to focus primarily on security then you will need more than just this volume to give yourself the necessary knowledge.
Katherine (149 reviews), March 22, 2014
This was written several years ago but is still very relevant. It covers a bit about penetration testing. I don't agree with installing the Firefox plugin suggested. The author did write about automation and test frameworks. You can write Selenium tests for most cases.

Some examples look outdated but still agreeable in the sense that if you have been doing enough Rails and Ruby, you know what you shouldn't follow.

Don't make your own home keys especially for authentication unless absolutely required.

The last few topics are certainly advanced but relevant: decentralized and centralized authentication.
Robert (107 reviews, 4 followers), December 31, 2009
Pretty good book... not a complete view of the subject, but enough that it has made me rethink and question how I have been writing software. Very good insight into the *practical* matters of developing secure software. Well recommended!