
The Evolution of Rails Security

Formal Metadata

Title
The Evolution of Rails Security
Title of Series
Number of Parts
88
Author
License
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language
Producer
Production Year
2018
Production Place
Pittsburgh

Content Metadata

Subject Area
Genre
Abstract
Rails has a reputation for being secure by default, but how deserved is that reputation? Let's take a look back at some of the low points in Rails security history: from the first Rails CVE, to the controversial GitHub mass assignment, the 2013 Rails apocalypse, and more recent remote code execution issues. Then we'll cheer ourselves up with the many cool security features Rails has added over the years! We'll cover auto-escaping, strong parameters, default security headers, secret storage, and less well-known features like per-form CSRF tokens and upcoming Content Security Policy support.