24C3 - Ruby on Rails Security

Posted by Jonathan

The slides and a video of my Ruby on Rails Security session are now online. The 24C3 was a lot of fun, unfortunately I couldn't spend all 4 days there.

My talk covered most of the common web application vulnerabilities, such as Cross Site Scripting and Cross Site Request Forgery, SQL and code injection, and deployment security, and how they apply to Rails. Rails-specific issues like plugin security, JavaScript/Ajax security, and Rails configuration were also examined, and best practice solutions were introduced.


There is also a Google Video version: Ruby on Rails Security.



Get the slides (PDF - 1.6 MB) or the video (mkv - 95 MB). Other formats are available from the official mirrors or the torrent site.

Comments


  1. Ilya Sabanin, January 04, 2008 @ 03:48 PM

    Thank you.

  2. Chris, January 04, 2008 @ 08:53 PM

    Just letting you know, your link to the mkv file is not working.

    Not sure what’s up … will try to find it at the mirrors site.

  3. Jonathan, January 05, 2008 @ 12:41 AM

    @Chris: Thanks, I fixed the link.

  4. Eric Anderson, January 05, 2008 @ 01:04 AM

    That was a spectacular talk. Lots of information and covering all aspects of security. I enjoyed it very much.

  5. jerome, January 05, 2008 @ 12:28 PM

    Add reset_session in your restful_authentication/generators/authenticated/templates/authenticated_system.rb before line #17

    or in the current_user= method in the generated lib
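
The change jerome suggests guards against session fixation: if the session id that existed before login is kept after login, an id known in advance ends up carrying the authenticated session. The following is an added example, not code from the post or from restful_authentication; it models a session store and a `current_user=` setter in plain Ruby (no Rails) and contrasts the setter with and without `reset_session`.

```ruby
require 'securerandom'

# Minimal stand-in for a server-side session store (constructed for this example).
class SessionStore
  def initialize; @sessions = {}; end
  def create                      # issue a fresh, unpredictable session id
    id = SecureRandom.hex(16)
    @sessions[id] = {}
    id
  end
  def [](id);     @sessions[id];        end
  def delete(id); @sessions.delete(id); end
end

# Controller-like object modelled on a current_user= setter (hypothetical, not the plugin's code).
class Authenticator
  def initialize(store, session_id)
    @store = store
    @session_id = session_id      # id presented by the browser's cookie
  end
  def session; @store[@session_id]; end
  # Stand-in for Rails' reset_session: drop the old session and issue a new id.
  def reset_session
    @store.delete(@session_id)
    @session_id = @store.create
  end

  # Vulnerable form: keeps the pre-login session id, so whoever already knows
  # that id now shares the authenticated session.
  def current_user_vulnerable=(user)
    session[:user_id] = user[:id]
  end

  # Fixed form, as the comment suggests: reset the session before storing the user.
  def current_user=(user)
    reset_session
    session[:user_id] = user[:id]
  end
end

# True if the pre-login session id still resolves to the logged-in user afterwards.
def fixation_succeeds?(hardened)
  store = SessionStore.new
  planted_id = store.create       # id that existed before login (constructed scenario)
  victim = Authenticator.new(store, planted_id)
  setter = hardened ? :current_user= : :current_user_vulnerable=
  victim.public_send(setter, { id: 42 })
  s = store[planted_id]
  !s.nil? && s[:user_id] == 42
end
```

With the hardened setter the old id no longer maps to any session, which is the property `reset_session` provides in a real Rails app.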

  6. Ivan M., January 17, 2008 @ 07:50 PM

    Thank you for this, I really enjoyed it :)