Security Risks On Rails: Misconfiguration and Unsafe Integrations

This page summarizes the projects mentioned and recommended in the original post on dev.to
Ruby Security Rails security-audit Static Analysis

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • railsgoat

    A vulnerable version of Rails that follows the OWASP Top 10

    • As with the other articles, RailsGoat will be used to explore some aspects of these threats in practice. If you're new here, please refer to the previous two articles to get the app set up and get acquainted with what we’ve explored so far. Let's jump right in!

  • protected_attributes

    Protect attributes from mass-assignment in ActiveRecord models.

    • If you’re migrating from Rails 3 to a newer version and still don’t want to deal with that specific part, Rails still allows the use of the protected_attributes gem for a smoother upgrade path, but be mindful that this is just until version 5. From there on, no more support will be provided.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • Ruby on Rails

    Ruby on Rails

    • This allows Rails to escape any HTML content in JSON responses, which is great. Make sure to always double-check whether the value is set to true since there’s some controversy about the default value, depending on the version of Rails.

  • Reek

    Code smell detector for Ruby

    • Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.

  • bundler-audit

    Patch-level verification for Bundler

    • Let’s take the super famous gem bundler-audit, for instance. It works closely with bundler to provide patch-level verification for your project gems, such as vulnerability checks, insecure gem sources, etc.

  • Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    • Another great lib for this is Brakeman, which can be installed in a very similar process and gives you even more detailed reports:

  • dawnscanner

    Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

    • Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • Hakiri

    Secure Ruby apps with Hakiri

    • Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • First commits in a Ruby on Rails app

    6 projects | dev.to | 17 Jan 2024

  • Github Pre-commit Hook Setup In Ruby On Rails for maintaining coding standards and productive.

    3 projects | dev.to | 28 Aug 2022

  • Is this query vulnerable to SQL injections?

    1 project | /r/rails | 22 Aug 2022

  • Fixing Just One False Positive in Brakeman

    2 projects | dev.to | 8 Nov 2021

  • [Tool] An alternative to Brakeman for Security

    2 projects | /r/rails | 11 Jul 2023