
How to hack your own Rails site?

I have developed a Rails site which will be used by my company for internal use by all employees. It is ready to go live, but I want to make sure it is secure enough to face the big, bad outside world. So I want to test the security of the site by trying to hack it. What are good starting points for this? Are there any good tutorials or tips you know?

I like the brakeman gem for performing vulnerability scanning on Rails apps. Check out 'The Open Web Application Security Project' for current information about web app security.

As far as hacking yourself, aka 'pen testing', if security is of great importance to you, you're probably best off leaving it to the security community to yield meaningful results. Either way, you can still try and test yourself.

Some great resources:

- Google Gruyere
- OWASP WebGoat
- Burp Suite (Burp Suite is probably my favorite)
- OWASP rails security guide (also check out the OWASP Top 10 list)
- Hacking Dojo .com website and their Live CDs for pentesting
- This site Tweeter blog was a lot of fun (I can't post many links due to reputation) but....allows you to try and perform SQL injection on a vulnerable app. I'm not sure how relevant it is today however.
