RR 328: Rails Security Beyond the Defaults with Matias Korhonen
FromRuby Rogues
Length:
53 minutes
Released:
Sep 19, 2017
Format:
Podcast episode
Description
Matias Korhonen has been writing Rails apps professionally at Kisko Labs, a Rails-focused software consultancy in Finland, for almost a decade. In his spare time he works on too many side projects, including Piranhas.co, a book price comparison site, and TLS.care, an SSL certificate monitoring service. He also somehow manages to find time to homebrew beer.
The Rogues talk to Matias about securing your Rails applications. Rails comes with a lot of security features built in, but you can still leave yourself open to exploitation if you're not careful. Most of these problems occur in the portion of the app you write, as opposed to the parts of the app that Rails handles for you. We go over several tools and techniques for making sure your application, access, and data are all secure.
In particular, we dive pretty deep on:
Tools that you can use to scan for vulnerabilities or add more security checks to your applications
Authentication and authorization mistakes
Securely managing data
and much, much more...
Links:
secureheaders
brakeman
Code Climate
CloudFlare
zxcvbn
Troy Hunt article on pwned passwords
Devise Security Extension
pundit
Drifting Ruby episode on Complex Strong Parameters
gemnasium
bundler-audit
OWASP Zed Attack Proxy Project
rack-attack
Picks:
Brian:
Regex 101
Give and Take by Adam Grant
Eric:
Indie Hackers
Dave:
Sumo Logic
Chuck:
Ready Player One Comic-Con trailer breakdown
Mattermost
Ruby Rogues Parley
Ruby Dev Summit (FREE)
Matias:
Webpacker 3.0
ActiveStorage
Heroku
Special Guest: Matias Korhonen.