comments (not for humans)

[Security] Avoiding SQL injection and XSS in your Ruby on Rails application

October 24, 2006 - 14:27 CEST Ruby on rails (RoR) is rapidly gaining popularity as a platform for developing web applications. However most tutorials teach you to write highly unsecure code that will allow attackers to exploit your applications. This is especially true for XSS (Cross Site Scripting).
[...]

3 comment(s) | Permalink | | This entry has been viewed 9809 time(s).

[1 - 1]

About Erlend

I'm a senior consultant at Bekk Consulting AS. This blog is about software development, with a special focus on security.

Follow me on twitter

Latest posts

31.08	[Security] Rails 3.0 and XSS-protection
6.07	[Security] Avoiding NoSQL-injection with MongoDB
27.06	[Security] NOSQL-injection
7.06	[.NET] Microsoft Pex - exploratory testing
18.05	[Security] Security podcasts

Tag cloud

.net, .netspec, adam, ad lds, ajax, asp.net, authorization, axis, bdd, certificates, conference, cookie, craftsman, crossdomain, cross site scripting, csrf, css, escaping, firefox, flash, flex, httponly, input validation, javascript, jquery, jsonp, nosql, nosql-injection, output escaping, owasp, password, phishing, ql-injection, rails, rfi, security, silverlight, spam, speaker, sql-injection, sql injection, ssl, talk, tdd, testing, unit testing, web services, wse, wss4j, x509, xml, xsrf, xss

Categories

All - [RSS]
.NET - [RSS]
Agile - [RSS]
CSS/HTML/Js - [RSS]
Frameworks - [RSS]
Java - [RSS]
Security - [RSS]
Testing - [RSS]
Web Services - [RSS]

Blogroll

Honeynor
BEKK Open
movito
Vidar's musings
Aslak Hellesøy
Geekbeing's rants
Jeremiah Grossman
RSnake
Mike Andrews
Schneier on security
Michael Sutton's blog
Network security blog
On code development
Change is nothing, everything is
leif
hamang.net
Andreas' code blog
The Dilbert Blog
Pearls before swine

(IN)SECURE Magazine