| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| − | Many share the perception of Rails being a "secure" framework.
| + | #REDIRECT [[:Category:OWASP Ruby Project]] |
| − | And that might well be true, because we need less code to get things done and less
| |
| − | code means a better overview of what's happening.
| |
| − | But though Rails seems to be safer, doesn't allow to lean back. There has
| |
| − | been a [http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure security bug] ([http://blog.evanweaver.com/articles/2006/08/12/anatomy-of-an-attack-against-1-1-4 more detailed]) in Rails last year and even in [http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/ Ruby].
| |
| | | | |
| − | '''Starting point'''
| + | This category should NOT be used. Use [[:Category:OWASP Ruby Project]] instead.for more information. |
| − | As a good starting point, here's a good Ruby on Rails example, which deliberately
| |
| − | includes several security vulnerabilities: [http://www.foundstone.com/resources/proddesc/hacmecasino.htm The Hacme Casino]. Especially reading the [http://www.foundstone.com/resources/whitepapers/hacmecasino_userguide.pdf user guide] gives you a good insight on what can go wrong.
| |
| − | | |
| − | '''[http://www.rorsecurity.info More on the Ruby on Rails Security site]'''
| |
| − | | |
| − | [[Category:Technology]]
| |
| − | [[Category:Language]]
| |
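Review bot: the second added line ends with "instead.for more information.", a dangling fragment with no space after the period and nothing for "for more information" to refer to; end the sentence at "instead." or restore the link the phrase was meant to introduce. The same revision drops the Rails and Ruby security-bug links, the Hacme Casino pointer and the [[Category:Technology]] and [[Category:Language]] tags, so confirm that material is available under [[:Category:OWASP Ruby Project]] before the redirect replaces it.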
Latest revision as of 16:05, 3 December 2015
This category should NOT be used. Use Category:OWASP Ruby Project instead.
This category currently contains no pages or media.