
Scottish Ruby Conference follow-up – 2 – Securing your app.

Most of the questions I got after my talk were around how people can look to secure their application. I mentioned a couple of sites and it’s probably worth expanding on the points made.

Web Application Security

For people looking to understand how to secure their web applications, in my opinion the best source of free information is the OWASP project. It’s an umbrella for a number of web application security efforts.

They’ve got a wide variety of projects which target management, security testers and developers, but some of the best places to start for developers are the OWASP Developers Guide, which covers a wide range of topics about secure development in a fairly generic way, and the Ruby on Rails Security Guide (here or here), which covers Rails-specific topics.

Both of those documents are relatively large but well worth delving into. For a quick overview of the “most serious” web application security issues, OWASP also has the Top Ten project. The latest version, currently at RC1, has some good summaries of the top risks, and is a good place to start getting an idea of the areas to be addressed.

There’s also a newish book dedicated to the topic of security on Rails. I picked up a copy at the conference (I’m a sucker for the O’Reilly stand!), so I’ve not had time to get all the way through it, but first impressions are that it’ll be very good, with concrete examples of broken Rails applications and how to fix them.

This is a Security Bloggers Network syndicated blog from Rory.Blog authored by Rory2. Read the original post at: http://www.mccune.org.uk/blog/2010/04/scottish-ruby-c-2.html