Are there any tools to test the security of your Rails application?
Things that can automatically test SQL injection, cross-site scripting, etc.
From stackoverflow
-
Check out http://www.ouncelabs.com/
vrish88 : That may be too much for what I am looking for. I was looking for something as simple (and cheap) as installing a plugin into your Rails project.
jm04469 : They are the cheapest in the group. Otherwise you may need to outsource to others.
-
It's not a Rails plugin, but http://www.owasp.org/ is a good place to start.
-
I'm not sure if there are any plugins out there for testing the security of your code, but here's some reading about the potential pitfalls and the fixes required for Rails apps:
-
Safe ERB is a plugin that will raise an exception for any unescaped strings in your view templates, i.e. dynamic data not escaped using the "h" method.
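
The behaviour described in the last answer (fail loudly when dynamic data reaches a template without going through `h`) can be illustrated with plain ERB. This is an added example, not part of the original answers and not Safe ERB's own code; `Untrusted`, `View`, `UnescapedOutputError` and `render_comment` are hypothetical names, and the wrapper-with-raising-`to_s` approach is an assumption chosen for illustration.

```ruby
require "erb"

class UnescapedOutputError < StandardError; end

# Hypothetical wrapper marking a value as untrusted (e.g. request input).
class Untrusted
  def initialize(raw)
    @raw = raw.to_s
  end

  # ERB compiles <%= expr %> to a to_s call, so raising here makes any
  # unescaped interpolation fail loudly instead of emitting raw markup.
  def to_s
    raise UnescapedOutputError, "untrusted value rendered without h()"
  end

  def escaped
    ERB::Util.html_escape(@raw)
  end
end

# Minimal view context (hypothetical) exposing an h() helper.
class View
  def h(value)
    value.is_a?(Untrusted) ? value.escaped : ERB::Util.html_escape(value.to_s)
  end

  def render(template, comment)
    ERB.new(template).result(binding)
  end
end

# Wraps the raw input as Untrusted, then renders the template with it.
def render_comment(template, raw)
  View.new.render(template, Untrusted.new(raw))
end

if __FILE__ == $PROGRAM_NAME
  sample = "<script>alert(1)</script>" # constructed sample input
  puts render_comment("<p><%= h(comment) %></p>", sample)
  begin
    render_comment("<p><%= comment %></p>", sample)
  rescue UnescapedOutputError => e
    puts "blocked: #{e.message}"
  end
end
```

Running such templates under a test suite turns a forgotten `h` into a failing test rather than a stored or reflected XSS in production.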