Ruby On Rails Security Guide published as free ebook
November 4, 2008 – 7:19 AM
The Ruby on Rails Security Project has published a Ruby on Rails Security Guide as a free e-book and has also made it available as HTML. The guide covers how to secure Ruby on Rails applications, looking at sessions and how to manage them securely, cross-site request forgery, redirection and other common attacks.
It also provides practical advice on securing administration consoles, password management and CAPTCHAs, protecting against SQL injection attacks, securing MySQL when used with Ruby on Rails, and the value of monitoring your Rails servers. The Rails-specific “mass assignment” issue, which lets an attacker set any column of a database model from request parameters unless precautions are taken, is explained and countermeasures to the problem are detailed.
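To make the mass-assignment issue concrete, here is an added illustration that is not from the guide: a plain-Ruby model (no Rails or ActiveRecord needed) with a vulnerable assignment method that writes every submitted key, beside an allow-list version in the spirit of `attr_accessible` and later strong parameters. The `User` class, the `ALLOWED` list and the tampered request hash are all constructed for this example.

```ruby
# Added illustration (not the guide's code): mass assignment without Rails.
class User
  attr_reader :name, :email, :admin

  def initialize
    @name, @email, @admin = nil, nil, false
  end

  # Vulnerable: every key in the params hash becomes an attribute, so a
  # request that adds "admin" silently escalates the account.
  def assign_all(params)
    params.each { |k, v| instance_variable_set("@#{k}", v) }
    self
  end

  # Hardened: only explicitly allowed attributes are written; everything
  # else is dropped and recorded so it can be logged or alerted on.
  ALLOWED = %w[name email].freeze

  def assign_allowed(params, rejected = [])
    params.each do |k, v|
      if ALLOWED.include?(k.to_s)
        instance_variable_set("@#{k}", v)
      else
        rejected << k.to_s
      end
    end
    self
  end
end

# Constructed sample request body, shaped like a form POST with string keys.
TAMPERED_PARAMS = {
  "name" => "alice", "email" => "alice@example.com", "admin" => true
}.freeze

# Returns the admin flag after unprotected assignment (true: privilege gained).
def demo_vulnerable
  User.new.assign_all(TAMPERED_PARAMS).admin
end

# Returns [admin flag, rejected keys] after allow-listed assignment.
def demo_hardened
  rejected = []
  user = User.new.assign_allowed(TAMPERED_PARAMS, rejected)
  [user.admin, rejected]
end

if __FILE__ == $0
  puts "vulnerable: admin=#{demo_vulnerable}"
  puts "hardened:   admin=#{demo_hardened[0]}, rejected=#{demo_hardened[1].inspect}"
end
```

The rejected-key list is the defender's signal: parameters a legitimate form never sends are worth logging as tampering attempts rather than silently discarding.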