Top 23 Ruby Security Projects
Metasploit Framework
Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | dev.to | 2021-09-14
This is one of the most prevalent issues in the OWASP Top 10. The growing reliance on third-party components creates risk when dependencies aren't kept up to date. Numerous tools, such as the Metasploit Framework, are available to attackers and allow them to easily identify and exploit known vulnerabilities in applications and operating systems. In many cases a patch has already been released for the vulnerable component, but the victim organization has been slow to update its dependencies. Additionally, developers may not thoroughly understand the nested (transitive) dependencies of all the libraries used in an application.
A static analysis security vulnerability scanner for Ruby on Rails applications
Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | dev.to | 2021-09-14
To prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, and establish a process for keeping all dependencies up to date. Fortunately, much of this can be automated with vulnerability scanning tools such as OWASP Dependency-Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a more complete dependency management solution by automatically updating dependencies found to be vulnerable. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer used.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Project mention: How do I stop Spotify tracking my location and suggesting playlists based on where I am? | reddit.com/r/spotify | 2021-08-18
That is why I found the Parler breach so amusing... I heard those Nazis used glorified WordPress - there's automated scanning tools for WordPress nowadays!!
Rack middleware for blocking & throttling
rack-attack to prevent brute-force and DDoS attacks
Next generation web scanner
Project mention: The most important step in hacking - Enumeration | dev.to | 2021-07-12
Manages application of security headers with many safe defaults
Authorization service and frontend for Docker registry (v2)
Project mention: Suggestions for self hosted container registries? | reddit.com/r/selfhosted | 2021-08-03
Run Linux Software Faster and Safer than Linux with Unikernels.
InSpec: Auditing and Testing Framework
Project mention: Checking compliance of controls? Job help | reddit.com/r/cybersecurity | 2021-09-17
Patch-level verification for Bundler
A key value store for storing per-developer environment and application keys
Project mention: Where to store API keys without server access | reddit.com/r/iOSProgramming | 2021-02-21
Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
Linting tool for CloudFormation templates
Project mention: CloudFormation Best Practices | dev.to | 2021-01-05
cfn_nag is an open source command-line tool that performs static analysis of CloudFormation templates. It will search for insecure infrastructure like:
:honey_pot: Unobtrusive and flexible spam protection for Rails apps
A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
test and add dawnscanner
Kubernetes RBAC static analysis & visualisation tool
Project mention: Visualising RBAC on Kubernetes | reddit.com/r/kubernetes | 2021-06-07
A security extension for devise, meeting industrial standard security demands for web applications.
CIS Docker Benchmark - InSpec Profile
Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
Open Cloud Security Posture Management Engine
Project mention: GitHub - OpenCSPM/opencspm: Open Cloud Security Posture Management Engine | reddit.com/r/bag_o_news | 2021-08-12
:key: Hash type identifier (CLI & lib)
Project mention: Haiti v1.2.2 release | reddit.com/r/Rawsec | 2021-08-24
OSSSM (awesome). Open source short-term secure messaging
ClamAV interface to your Ruby on Rails project.
What are some of the best open-source security projects in Ruby? This list will help you: