Entries Tagged as 'Rails'
Everything You Always Wanted to Know About Web Application Security - But Were Afraid to Ask
June 19th, 2007 · 3 Comments
Here is an interesting general document about web application security, a list of frequently asked questions: http://www.owasp.org/index.php/OWASP_AppSec_FAQ
It gives good advice on how to design the login process. It describes a best practice for the "Lost Password" feature, which is especially important these days, when there is an increasing number of attacks based on this feature. […]
Tags: Rails
Ajax Security
June 13th, 2007 · No Comments
Several sources, for example this, state that Ajax applications are more complex due to their asynchronous nature, or that Ajax might create more entry points for attackers, while other sources claim the opposite. However, the classes of attacks stay largely the same, so the advice given here applies to Ajax applications as well, especially input and output […]
Tags: Rails
SQL Injection
May 19th, 2007 · 8 Comments
SQL injection attacks inject SQL into the application's database queries by manipulating web application parameters. Almost all SQL injection attacks are immediately reflected, that is, a malicious parameter travels from the client to the server, is assembled into a SQL query, sent to the database server, and the result is returned to the client. […]
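An added example, not from the original post, in plain Ruby so it runs without a database: it models the two ways a Rails controller of the time could build the query "find the project called <name>", string interpolation versus the `["... ?", value]` form that ActiveRecord quotes for you. The `quote` and `sanitize_sql_array` helpers here are simplified stand-ins modelled on ActiveRecord's, not its code, and the attack string is a constructed value standing in for `params[:name]`.

```ruby
# Minimal SQL-literal quoting in the style of an ActiveRecord adapter's
# quote(): NULL for nil, bare numbers, single quotes doubled inside strings.
# Real adapters do more (the MySQL adapter also escapes backslashes), which
# is exactly why the application should leave quoting to the adapter.
def quote(value)
  case value
  when nil     then "NULL"
  when Numeric then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Modelled on ActiveRecord's sanitize_sql_array (assumed simplification):
# every ? in the template is replaced by the quoted next value, and a
# placeholder/value count mismatch is an error instead of a silent bug.
def sanitize_sql_array(template, *values)
  unless template.count("?") == values.length
    raise ArgumentError, "#{template.count('?')} placeholders, #{values.length} values"
  end
  i = -1
  template.gsub("?") { quote(values[i += 1]) }
end

# Vulnerable: the parameter becomes part of the SQL text, so a quote in it
# ends the literal and the rest is parsed as SQL.
def vulnerable_query(name)
  "SELECT * FROM projects WHERE name = '#{name}'"
end

# Hardened: the parameter is quoted as data and can never change the
# structure of the statement. In Rails this is
#   Project.find(:all, :conditions => ["name = ?", params[:name]])
def safe_query(name)
  sanitize_sql_array("SELECT * FROM projects WHERE name = ?", name)
end

if __FILE__ == $0
  attack = "' OR '1'='1"   # constructed input, the classic tautology
  puts vulnerable_query(attack)   # ... WHERE name = '' OR '1'='1'   -> every row
  puts safe_query(attack)         # ... WHERE name = ''' OR ''1''=''1' -> no row
end
```

The reflected nature of the attack is visible in the first output line: the parameter leaves the browser, is pasted into the statement unchanged, and the whole table comes back. Note that client-side quoting is only as good as the adapter's knowledge of the database's escaping rules; prefer the array form (or, in later Rails versions, real bind parameters) over any home-grown `quote`.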
Tags: Rails
Cross Site Request Forgery (CSRF) and GET & POST
April 20th, 2007 · 4 Comments
The W3C advises when to use GET requests:
Use GET if:
The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).
Use POST if:
The interaction is more like an order, or
The interaction changes the state of the resource in a way that the user would perceive (e.g., a subscription […]
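An added example, not from the original post, of how the W3C rule above turns into a server-side check: state-changing actions are refused over GET (so an `<img src=...>` or a link on an attacker's page cannot trigger them), and over POST they additionally need a token that only a page rendered for this session knows. The class and action names are assumed for illustration; the token field name `authenticity_token` follows the later Rails convention and is not from the post.

```ruby
require 'securerandom'

class CsrfGuard
  # "Safe" in the W3C/RFC sense: must not change state, so never protected,
  # and never allowed to do anything worth protecting.
  SAFE_METHODS   = %w[GET HEAD].freeze
  # Assumed list of actions that change state in this application.
  STATE_CHANGING = %w[create update destroy subscribe].freeze

  # Issued once per session and embedded as a hidden field in every form.
  # A cross-site page cannot read it, so it cannot forge a valid request.
  def self.token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(16)
  end

  # Returns :ok, :method_not_allowed or :forbidden for a request.
  def self.check(method, action, params, session)
    return :ok unless STATE_CHANGING.include?(action)
    # An order sent as a question: a GET from a link or image tag.
    return :method_not_allowed if SAFE_METHODS.include?(method)
    expected = session[:csrf_token].to_s
    given    = params['authenticity_token'].to_s
    return :forbidden if expected.empty? || !secure_compare(expected, given)
    :ok
  end

  # Length-independent comparison so the token cannot be guessed byte by
  # byte from response timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  session = {}
  token = CsrfGuard.token_for(session)
  p CsrfGuard.check('GET',  'show',    {}, session)                                # :ok
  p CsrfGuard.check('GET',  'destroy', {}, session)                                # :method_not_allowed
  p CsrfGuard.check('POST', 'destroy', {}, session)                                # :forbidden
  p CsrfGuard.check('POST', 'destroy', { 'authenticity_token' => token }, session) # :ok
end
```

Restricting an action to POST on its own only stops the simplest forgeries (a GET via image or link); a form on the attacker's page can still auto-submit a POST, which is why the token check is the part that actually closes the hole.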
Tags: Rails
Ruby regular expression fun
April 16th, 2007 · 7 Comments
I found several regular expressions to validate all sorts of things: URLs, names, email addresses, et cetera. Here is an example of email address validation that I found:
/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
How do you like the following email address, which validates fine with this filter?
hre32443_d.@ter.com%0A<script>alert('hello')</script>
%0A is a line break.
^ and $ in Ruby match the beginning and end of a LINE, not the overall […]
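An added example, not part of the original post: the pattern quoted above run against the post's own address with %0A decoded to a real newline (which is what the parameter looks like once the request has been parsed), next to the same pattern anchored with \A and \z. The `valid_email?` helper is assumed for illustration.

```ruby
# The post's pattern: in Ruby, ^ and $ match at the start and end of any
# LINE inside the string, not of the whole string.
LINE_ANCHORED   = /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i

# Same pattern with string anchors. \A is the start of the string and \z
# its very end; the match now has to cover everything that was submitted.
STRING_ANCHORED = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i

def valid_email?(address, pattern = STRING_ANCHORED)
  !(address =~ pattern).nil?
end

# The address from the post; "\n" is the decoded %0A.
PAYLOAD = "hre32443_d.@ter.com\n<script>alert('hello')</script>"

if __FILE__ == $0
  # true: the first line "hre32443_d.@ter.com" satisfies ^...$ and the
  # script tag on the second line is never looked at.
  puts valid_email?(PAYLOAD, LINE_ANCHORED)
  # false: \z forces the match to reach the end of the string.
  puts valid_email?(PAYLOAD, STRING_ANCHORED)
  # \Z is the trap in between: it matches before a single trailing newline,
  # so "user@example.com\n" still passes. Use \z when you mean the end.
  puts valid_email?("user@example.com\n", /\A[^@\s]+@[^@\s]+\Z/)
  puts valid_email?("user@example.com\n", /\A[^@\s]+@[^@\s]+\z/)
end
```

The same applies to any pattern handed to `validates_format_of`: a `^...$` pattern there validates one line of the value, not the value.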
Tags: Rails
Session fixation in Rails
April 15th, 2007 · 4 Comments
These attacks fix a user's session identifier to a value known to the attacker, forcing the user's browser and the web application into using this identifier. The first step in such attacks is to obtain a valid session identifier. While other session management implementations (PHP's, for example) accept arbitrary identifiers and create a valid session […]
Tags: Rails
Session hijacking
April 12th, 2007 · 5 Comments
Session hijacking is a class of attacks in which an attacker gets hold of another user's session identifier. Consequently, the attacker gains access to the web application, because the session identifier serves as a temporary login credential. The most popular way of hijacking a session is to steal the session identifier. There are several ways of doing this. Most […]
Tags: Rails
Ruby on Rails sessions - introduction and expiry
April 10th, 2007 · 1 Comment
As the HTTP protocol is stateless, a logged-in client, for example, would have to provide its login name and password with every request it makes, because the server has no way of keeping state between a user's requests. The idea of adding state to requests is to save information about the exchanged data on the […]
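An added example, not from the original posts, serving the three session entries above (fixation, hijacking, and this introduction with its expiry note): a small in-memory session store in plain Ruby, not the Rails session store, that shows the three properties those posts rely on. Identifiers the server never issued are not honoured, the identifier is replaced at login (what `reset_session` does in Rails), and an idle session expires instead of being revived. The 20-minute default and the injectable clock are assumptions for the example.

```ruby
require 'securerandom'

class SessionStore
  def initialize(ttl_seconds = 20 * 60, clock = lambda { Time.now })
    @ttl      = ttl_seconds   # assumed idle timeout
    @clock    = clock         # injectable so expiry can be exercised without waiting
    @sessions = {}            # id => { data: {...}, touched: Time }
  end

  # Start an anonymous session; the returned id is what goes into the cookie.
  def create
    store(SecureRandom.hex(16), {})
  end

  # Resolve a cookie value to its session data, or nil.
  # An id the server never issued is NOT adopted as a new session, so an
  # attacker cannot simply choose "abc123" and plant it; they would first have
  # to obtain a real id from the application. An idle session is deleted, not
  # refreshed, so a stolen id has a limited useful life.
  def lookup(id)
    entry = @sessions[id]
    return nil unless entry
    if @clock.call - entry[:touched] > @ttl
      @sessions.delete(id)
      return nil
    end
    entry[:touched] = @clock.call
    entry[:data]
  end

  # Login: throw the pre-login session away and issue a fresh id. Whatever
  # id the attacker planted before login therefore never becomes the id of
  # the authenticated session (Rails: reset_session, then session[:user_id] = ...).
  def login(old_id, user_id)
    @sessions.delete(old_id)
    store(SecureRandom.hex(16), { user_id: user_id })
  end

  # Logout: the id must stop working immediately on the server side, not
  # merely be forgotten by the browser, or a hijacked copy keeps working.
  def logout(id)
    @sessions.delete(id)
    nil
  end

  private

  def store(id, data)
    @sessions[id] = { data: data, touched: @clock.call }
    id
  end
end

if __FILE__ == $0
  store   = SessionStore.new
  planted = store.create              # attacker obtains a valid anonymous id and plants it in the victim's browser
  authed  = store.login(planted, 42)  # victim logs in while carrying the planted id
  p store.lookup(planted)             # nil: the planted id died at login
  p store.lookup(authed)              # {:user_id=>42}: only the fresh id is authenticated
end
```

The identifier itself should come from a cryptographic random source (here `SecureRandom.hex`, 128 bits), since a guessable id is hijacking without any theft at all.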
Tags: Rails
Don’t trust primary key parameters
April 2nd, 2007 · 1 Comment
By default Ruby on Rails URLs have the following format: http://www.domain.com/project/show/1, where "show" is the action to be performed and "1" is the project id, which is the primary key of the project table (i.e. a project's main identifier is the id, but it could be something else, such as the name). It will be […]
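An added example, not from the original post, of the two things a controller should do with that trailing "1": validate its shape, and scope the lookup to what the current user may see, the plain-Ruby equivalent of `current_user.projects.find(params[:id])` instead of `Project.find(params[:id])`. The `Project` struct, the sample rows and the handler names are constructed for the example.

```ruby
class RecordNotFound < StandardError; end

Project = Struct.new(:id, :owner_id, :name)

# Constructed sample rows standing in for the projects table.
PROJECTS = [
  Project.new(1, 10, "alice's plan"),
  Project.new(2, 20, "bob's plan"),
].freeze

# params[:id] is a string under the attacker's control. Accept only a plain
# decimal integer, so that "1 OR 1=1" or "1;DROP TABLE projects" is rejected
# before anything is built from it.
def parse_id(raw)
  raise ArgumentError, "bad id: #{raw.inspect}" unless raw.to_s =~ /\A\d+\z/
  raw.to_i
end

# Vulnerable: Project.find(params[:id]). Any logged-in user can walk the ids
# 1, 2, 3, ... and read every project in the table.
def show_unscoped(params)
  id = parse_id(params['id'])
  PROJECTS.find { |p| p.id == id } or raise RecordNotFound
end

# Hardened: current_user.projects.find(params[:id]). Ownership is part of the
# lookup itself, so a foreign id behaves exactly like a non-existent one
# (Rails turns RecordNotFound into a 404).
def show_scoped(current_user_id, params)
  id = parse_id(params['id'])
  PROJECTS.find { |p| p.owner_id == current_user_id && p.id == id } or raise RecordNotFound
end

if __FILE__ == $0
  alice = 10
  p show_unscoped('id' => '2').name          # "bob's plan": leaked to anyone
  begin
    show_scoped(alice, 'id' => '2')
  rescue RecordNotFound
    puts "scoped lookup: not found for alice"
  end
end
```

Scoping through the association also covers actions the post's title does not mention, update and destroy: the same `find` guards them all, so there is no separate authorization step to forget.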
Tags: Rails
Working with files in Rails
March 27th, 2007 · 2 Comments
In many cases web applications save user-entered data to files and deliver uploaded files. You should always filter file names that come directly from the user, as an attacker could use a malicious file name to download or overwrite any file on the server. If you use a file name that the user entered […]
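An added example, not from the original post, of the filtering the post asks for: reduce a user-supplied name to a single path component, whitelist the characters in it, and as a second line of defence check that the resulting path still lies below the upload directory. `UPLOAD_ROOT` and the helper names are assumed; use the same function for the name passed to `send_file` on download.

```ruby
UPLOAD_ROOT = "/var/app/uploads".freeze   # assumed; must not end in a slash

# Turn whatever the user sent into a harmless single file name, or raise.
def sanitize_filename(name)
  # A NUL would truncate the name inside the C library (and File.basename
  # refuses it), so drop it before anything else looks at the string.
  name = name.to_s.delete("\0")
  # Keep only the last path component: "../../etc/passwd" -> "passwd".
  # Backslashes are not separators on Unix; the whitelist below turns them
  # into "_" so a Windows-style traversal degrades to an odd name, not a path.
  base = File.basename(name)
  # Whitelist: letters, digits, underscore, dot, dash. Everything else,
  # spaces and shell metacharacters included, becomes an underscore.
  base = base.gsub(/[^\w.\-]/, "_")
  # No leading dots: rules out ".", "..", and hidden files such as ".htaccess".
  base = base.sub(/\A\.+/, "")
  raise ArgumentError, "empty file name after sanitising: #{name.inspect}" if base.empty?
  base
end

# Absolute path the file will be written to or read from.
def upload_path(user_supplied_name)
  path = File.expand_path(sanitize_filename(user_supplied_name), UPLOAD_ROOT)
  # Belt and braces: even if sanitising is changed later, never touch a
  # file outside the upload root.
  unless path.start_with?(UPLOAD_ROOT + "/")
    raise ArgumentError, "path escapes upload root: #{path}"
  end
  path
end

if __FILE__ == $0
  puts upload_path("../../etc/passwd")   # /var/app/uploads/passwd
  puts upload_path("report 2007.pdf")    # /var/app/uploads/report_2007.pdf
  puts upload_path(".htaccess")          # /var/app/uploads/htaccess
end
```

Whitelisting beats a blacklist of "../" here because the dangerous inputs are open-ended (absolute paths, encoded slashes, NUL bytes, names the web server treats specially), while the set of characters a file name legitimately needs is small.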
Tags: Rails