Ruby, Rails, and Gems developer tools
Security Resources
Great tools and resources are available to help you write secure Ruby on Rails code. Kurt examines some tools and offers some tips.
I'll admit it: I'm old, and increasingly I find tech trends that surprise me. Ruby on Rails is one of those trends that it seems everyone is using now. A friend gave me a good explanation of why Ruby on Rails has sneaked up on me, despite the fact that it's been around for a decade.
Ruby on Rails is a great prototype system, so it's easy to sell in the sense of "why don't we make a rapid prototype using Rails?" But, of course, once you have a working prototype, you also have something you can sell to customers. So, given a choice between writing a new "real" product or tidying up the prototype and shipping it, people usually pick the second option. Fortunately, Ruby on Rails actually allows for scaling and other production issues, so you can usually get away with this approach.
But, as with any language and framework, the majority of developers using Ruby on Rails are paid to make working code – not secure code. This is unfortunate, because several great resources and tools can help you write secure Ruby on Rails code, and that's where Ruby really shines.
[...]