This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:Ruby on Rails
Many share the perception of Rails being a "secure" framework. And that might well be true, because we need less code to get things done and less code means a better overview of what's happening. But though Rails seems to be safer, doesn't allow to lean back. There has been a security bug (more detailed) in Rails last year and even in Ruby.
Starting point As a good starting point, here's a good Ruby on Rails example, which deliberately includes several security vulnerabilities: The Hacme Casino. Especially reading the user guide gives you a good insight on what can go wrong.
More on the Ruby on Rails Security site
This category currently contains no pages or media.