05 Mar '12, 12am

“Rail Spikes: Is your Rails application safe?”

Tarantula: A fuzzing plugin that spiders your application looking for problems. Via Stuart Halloway’s post on Relevance’s blog: “It crawls your rails app, fuzzing inputs and analyzing what comes back. We have pointed Tarantula at about 20 Rails applications, both commercial and open source, and have never failed to uncover flaws.” Aaron Bedra’s Rails Security Audit PDF on Peepcode devotes significant space to getting this up and running. It also covers a few of the common mistakes developers can make when using a framework like Rails, and that alone may make it a worthwhile read.

ratproxy: Happened upon this on Google’s excellent security blog. From their announcement post: “[ratproxy] is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of c...

Full article: http://railspikes.com/2008/9/22/is-your-rails-application...

Tweets

Hackers love mass-assignment a rail cast from 2007

railscasts.com 04 Mar '12, 11pm

Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its ass...

There's an episode about Mass Assignment in rails ...

railscasts.com 05 Mar '12, 1am

Mass assignment is something most Rails programmers make use of as it provides an easy way to populate the properties of a...

Super excited about , which just landed on Rail...

edgeguides.rubyonrails.org 05 Mar '12, 12pm

Resourceful Routing: If you’re building a RESTful JSON API , you want to be using the Rails router. Clean and conventional...

Preventing mass assignment vulns in RoR: Good l...

edgeguides.rubyonrails.org 04 Mar '12, 6pm

Web application frameworks are made to help developers building web applications. Some of them also help you with securing...

que

guides.rubyonrails.org 04 Mar '12, 8pm

The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session,...

The Last Week in Ruby: RSpec 2.8, Redcar 0.12, ...

rubyinside.com 04 Mar '12, 8am

Welcome to this week's Web-based syndication of Ruby Weekly , the Ruby e-mail newsletter. While I have you, be sure to fol...

Rail Spikes: Deploying Rails on EC2:

railspikes.com 13 Mar '12, 7pm

I signed up with RightScale (and burned up 45 minutes of machine time, sorry guys!), but couldn’t do anything with the mac...

When to Break Apart your Application

blog.jayfields.com 04 Mar '12, 6pm

presented on the topic of building Systems. One aspect of his presentation that really struck a chord with me was around t...

GRIND Spring 2012 Issue: GRIND magazine is a Japanese menswear magazine focusing on contemporary casual clothin...

slamxhype.com 04 Mar '12, 5am

GRIND magazine is a Japanese menswear magazine focusing on contemporary casual clothing. It consistently features some of ...

In the world of web app frameworks good feature...

guides.rubyonrails.org 05 Mar '12, 12am

Web application frameworks are made to help developers building web applications. Some of them also help you with securing...

Ruby on Rails Guides: Getting Started with Rails:

guides.rubyonrails.org 08 Mar '12, 5am

Rails is a web application development framework written in the Ruby language. It is designed to make programming web appl...

@dhh @37signals hm..

weblog.rubyonrails.org 05 Mar '12, 6pm

[ANN] Rails 3.2.2 has been released! Posted by aaronp March 01, 2012 @ 06:12 PM Rails 3.2.2 has been released. This releas...

Ruby on Rails Guides: A Guide to Testing Rails ...

guides.rubyonrails.org 09 Mar '12, 6pm

Testing support was woven into the Rails fabric from the beginning. It wasn’t an “oh! let’s bolt on support for running te...

Haml and Rails

rubyflow.com 09 Mar '12, 1am

with some helpful suggestions from Brook Riggio's blog post on Haml by Default in a New Rails 3.2 App . The RailsApps appl...

@matthewlang not sure if you've seen/used this ...

apidock.com 09 Mar '12, 11am

The Model layer represents your domain model (such as Account, Product, Person, Post ) and encapsulates the business logic...