Several people asked me about automatic assessment tools to check the security of an application stack. My opinion is that they may be a great support, but they cannot replace some manual work (oh, well, maybe). Rails test are a great way to make sure your application is safe, but you have to write them […]
![Add '[WebAppSec] Automatic security and HackerSafe' to Del.icio.us](http://www.rorsecurity.info/wp-content/plugins/social-bookmarking-reloaded/delicious.png "Add '[WebAppSec] Automatic security and HackerSafe' to Del.icio.us")
![Add '[WebAppSec] Automatic security and HackerSafe' to digg](http://www.rorsecurity.info/wp-content/plugins/social-bookmarking-reloaded/digg.png "Add '[WebAppSec] Automatic security and HackerSafe' to digg")
![Add '[WebAppSec] Automatic security and HackerSafe' to Technorati](http://www.rorsecurity.info/wp-content/plugins/social-bookmarking-reloaded/technorati.png "Add '[WebAppSec] Automatic security and HackerSafe' to Technorati")
![Add '[WebAppSec] Automatic security and HackerSafe' to Stumble Upon](http://www.rorsecurity.info/wp-content/plugins/social-bookmarking-reloaded/stumbleupon.png "Add '[WebAppSec] Automatic security and HackerSafe' to Stumble Upon")
Tags: Rails · Uncategorized · WebAppSec
Cross Site Reference Forgery works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands.
Most Rails applications use cookie-based sessions. Either they store the […]
Tags: Rails · WebAppSec · XSS and Rails
