Top 23 Ruby Security Projects
Metasploit Framework
Project mention: Does anyone have a walk through for using CVE-2021-3156? | reddit.com/r/hacking | 2021-04-13
Always worth checking for Metasploit plugins: https://github.com/rapid7/metasploit-framework/blob/master/data/exploits/CVE-2021-3156/exploit.c
A static analysis security vulnerability scanner for Ruby on Rails applications
Project mention: 26 most popular Ruby/Rails repositories on GitHub in July-August 2020 | dev.to | 2020-09-05
Brakeman is a static analysis tool that checks Ruby on Rails applications for security vulnerabilities. 5,800 stars by now.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Project mention: How do I check a plugin someone wrote for me for security vulnerabilities? | reddit.com/r/Wordpress | 2021-04-12
To start, I highly recommend reviewing this plugin security testing cheat sheet for WordPress. It has the most common WordPress vulnerabilities, and you can search the plugin's code for these flaws: https://github.com/wpscanteam/wpscan/wiki/WordPress-Plugin-Security-Testing-Cheat-Sheet
Rack middleware for blocking & throttling
Project mention: What is happening once you launch and open a Rails app to the real, wild web | reddit.com/r/rails | 2021-03-08
It's entirely normal and expected. If your site gets any traction, the volume and sophistication of probing will only increase. I recommend starting by setting up Rack Attack (https://github.com/rack/rack-attack); that will help you block the bad actors for a while. If the volume gets high enough, you'll want to start blocking traffic upstream in the reverse proxy or load balancing layer, depending on architecture.
Manages application of security headers with many safe defaults
Authorization service and frontend for Docker registry (v2)
Project mention: Host your own private docker registry with Portus | dev.to | 2020-09-11
Once you have your domain configured properly and the SSL certificate is on the server, you can start configuring the registry. Docker themselves maintain and release a docker image that is a Docker registry. Yea, they put a docker container registry in a docker container. But there's one problem. There's no GUI. There's no access control. It's not that exciting by itself. If only there was some open source project built off this registry container that had all the cool bells and whistles included. Oh, right, there is. Portus.
InSpec: Auditing and Testing Framework
Patch-level verification for Bundler
A key value store for storing per-developer environment and application keys
Project mention: Where to store API keys without server access | reddit.com/r/iOSProgramming | 2021-02-21
Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
Unobtrusive and flexible spam protection for Rails apps
Project mention: install gem invisible_captcha with devise | dev.to | 2021-03-03
Quick guide to add gem invisible_captcha to your devise registrations:
A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
Linting tool for CloudFormation templates
Project mention: CloudFormation Best Practices | dev.to | 2021-01-05
cfn_nag is an open source command-line tool that performs static analysis of CloudFormation templates. It will search for insecure infrastructure like:
CIS Docker Benchmark - InSpec Profile
A security extension for devise, meeting industrial standard security demands for web applications.
Project mention: Devise only allow one session per user at the same time | reddit.com/r/ruby | 2021-01-19
An alternative implementation: https://github.com/devise-security/devise-security/blob/master/lib/devise-security/models/session_limitable.rb
Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF-8 characters in the request URI and headers.
OSSSM (awesome). Open source short-term secure messaging
ClamAV interface to your Ruby on Rails project.
InSpec profile to validate your VPC to the standards of the CIS Amazon Web Services Foundations Benchmark v1.1.0
Project mention: A comparison of open-source infrastructure as code scanning tools | reddit.com/r/Terraform | 2021-03-11
Secure (interoperable) Remote Password Auth (SRP-6a)
A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt
A flexible access control system for your Rails app
Project mention: Release V2 - Active Entry Access Control | Now with policies | reddit.com/r/rails | 2021-04-03
A tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys from a single username and high entropy passphrase.
What are some of the best open-source Security projects in Ruby? This list will help you:
| 21 | TSS - Threshold Secret Sharing | 19 |