close search bar

Sorry, not available in this language yet

close language selection

Securing Ruby

Course Description

This course covers the basic characteristics of Ruby and delivers strategies for securing Ruby projects. The course begins by addressing the language itself, covering Ruby’s structure and identifying dangerous patterns. It next explains core web development weaknesses and how to defend against them in Ruby.

Learning Objectives

  • Understand the basic characteristics of Ruby and its dependency system
    Identify dangerous patterns or libraries in the Ruby language and standard library
  • Understand code injection and the defenses available to prevent it
  • Understand cross-site request forgery and defenses to prevent it, and identify inadequate authorization
  • Review web security defenses in place for an application

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Intermediate

Intended Audience:

  • Front-End Developers

Prerequisites: 

  • None

Course Outline

Ruby Primer

  • Standard Library
  • Dependencies
  • Extensions 

Core Language and Standard Library Concerns

  • Unsafe Reflection
  • Regular Expressions
  • Deserialization
  • Command Injection
  • TLS Certificate Verification

Web Security: Code Injection

  • Injection Vulnerabilities
  • Cross-Site Scripting Overview
  • Cross-Site Scripting Prevention in Ruby on Rails
  • Preventing Cross-Site Scripting in Sinatra
  • Sanitizing HTML
  • SQL Injection Overview
  • SQL Injection in ActiveRecord
  • SQL Injection in Arel
  • SQL Injection in Sequel

Web Security: Authorization

  • Missing Authorization in Ruby on Rails
  • Authorization Libraries
  • Cross-Site Request Forgery
  • Preventing Cross-Site Request Forgery
  • Cross-Site Request Forgery Protection in Ruby on Rails
  • Cross-Site Request Forgery Protection in Sinatra
  • Mass Assignment

Authentication and Sessions

  • Multifactor Authentication
  • Password Storage
  • Authentication with Ruby on Rails
  • Session Management in Ruby on Rails
  • Session Management in Sinatra

Web Defenses

  • Security Headers
  • Default Security Headers in Ruby on Rails
  • Content Security Policy in Ruby on Rails
  • Browser Cookie Security
  • Error Handling
  • Logging

File Upload Security

  • File Processing
  • File Storage
  • Malicious Files
  • Authorization
  • File Storage in Ruby on Rails

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster