Owen Mooney, edgescan’s lead developer, delivered a talk about common risks faced when coding in ruby and ruby on rails.
The talk covered some best practices and pitfalls when writing a secure web application in ruby on rails. With examples on how to deal with the OWASP top 10, as well as some ruby specific vulnerabilities.
Click here to access the Git Repository with the working code.
Please follow these steps in orther to get the app to work:
To install, you must have ruby, gem, and bundler installed. Run the following command to install dependencies:
To get the SQL injection stuff working, you will have to perform a few additional steps. If you want to use MySQL, then you will have to edit the config/database.yml
file. Specify the adapter as mysql2
and then set the username, password, database, and host properties as appropriate.
In any case, you must run the following tasks to create/migrate the database:
To create some data to populate the database, run rails console, and use the following command
You can change the attributes appropriately and run the command multiple times.
To run the application, simply run
The bundle exec can be omitted if you are using some sort of ruby environment manager like RVM.
Have fun!