Securing Ruby Code

With increasing numbers of large-scale projects being written in Ruby, programmers need to know how to secure their code. There are several entire classes of vulnerabilities unique to web applications. As Rails is often the only publicly accessible Ruby code running, here we will define and discuss the security issues facing Ruby and Ruby on Rails.

A Look at Security Risks in Ruby Code
Running Ruby programs or Ruby on Rails server software? Take a look at this analysis of software vulnerable to security breaches and CSRF attacks because of GET and POST requests.

5 Reasons Your Ruby Code Is Vulnerable to Attack
There are a number of reasons that someone would want to launch a CSRF attack and each has its own unique impact. If your Ruby on Rails code is vulnerable to these attacks, your site's security could be at risk.

What is Cross-Site Request Forgery?
Cross-Site Request Forgery, aka CSRF (pronounced Sea-Surf), is a security vulnerability that goes by many names and which can affect your website and Ruby code if you're not aware of the vulnerability.

3 Countermeasures to Protect Ruby Code From CSRF Attacks
To protect against CSRF, Web developers have to go the extra mile. Of course, as with any vulnerability, doing things correctly from the get-go is extremely helpful. In Rails, this means using the abstractions and DRY mechanisms available to you, particularly the form tag helpers form_for and form_tag.

Is Your Ruby Code Secure?
CSRF attacks are similar in nature to Cross-Site Scripting (XSS) attacks and can occur in conjunction with an XSS attack, but they don't always go hand-in-hand and differ in nature. While XSS attacks rely on HTML code injected into the target site, a CSRF attack may also be initiated from a second site.

Is Your Ruby Code Vulnerable to Attack?
CSRF attacks on your site can also occur in conjunction with XSS breaches. The severity of the CSRF attack is dependent on the severity of the XSS vulnerability.

A Security Attack On Ruby Code
Concerned about security with your Ruby code? Check out this analysis of a CSRF attack without XSS.

Exploitation of Security Vulnerabilities in Ruby Code
Does your Ruby code have security vulnerabilities? Take a look at this analysis of a CSRF attack with XSS and Filtering to see if your site might be at risk.

Dealing With Ruby Vulnerabilities: Enable Forgery Protection
Knowing what vulnerabilities exist in your Ruby code is only half the battle. You also need to know how to counteract them. Begin by enabling forgery protection.

Dealing With Ruby Vulnerabilities: Pay Attention to Idempotence
Enabling forgery protection is only one way to counteract security vulnerabilities in your Ruby code. You also need to pay attention to idempotence, the property that repeating a request leaves the application's state unchanged.

Dealing With Ruby Vulnerabilities: Check HTTP Referrers
By checking whether the server from which the request originates is the same as the server your application runs on, you can determine whether the request was generated from your site or not. If an HTTP request lacks a Referer header, you can also tell it was generated by hand or from a location where a Referer would make no sense (such as an email client).

©2014 About.com. All rights reserved.