Hi! And welcome to my guide on Ruby on Rails - Security. This is an add-on resource for my course on Ruby on Rails Security available at Code Red - EC Council. Here, you will find additional information, resources and guides to help further your understanding about Cybersecurity and Ruby on Rails - Security. {WIP}

Pre-requisites / Initial Course Information & Resources

List of topics

• Section 1 - Introduction

  What is Ruby? What is Rails?

  Why Ruby on Rails?

  About this course

• Section 2 - Injections in Rails

  SQL Injection

  Cross site Scripting

  Header Injection

  Command, CSS and AJAX Injection

• Section 3 - CSRF & Clickjacking in Rails

  What is CSRF

  CSRF in rails

  Countermeasures

  What is Clickjacking

  Clickjacking in rails & Countermeasures

• Section 4 - Default Headers + CSPs

  What are headers

  Default headers rails generates

  CSPs

• Section 5 - Rate limiting using rack attack

  What is rate limiting

  Rate limiting tactics and strategies

  Safelisting and blacklisting

  Tracking and throttling

  Advanced Concepts of Rate limiting using rack attack

  Combining it all together

• Section 6 - Filters & Testing applications using Brakeman

  File uploads - Basics

  Scanning files for viruses using clamav

  Image filter - blocking images

  Image filter - blocking based on content type

  Image filter - fixing metadata leak

  Why and how to test using brakeman

  Analyzing results of brakeman report

• Section 7 - Wind up

  What's covered so far. What you should learn next.

  Goodbye!

Ruby on Rails - Course - Guide