The Ruby on Rails Security Project would like to help you make your Rails applications more secure. I'm Heiko Webers of bauland42 and I also do Rails security audits. Have you read the official Rails Security Guide? Great, so we know each other already: I wrote it. Contact me at 42 -the AT sign- bauland42.de or on Twitter.

Do you have a Rails security strategy?
Here's the new complete Rails guide to developing an overall security strategy. If you sign up today, I’ll give it to you for free.


The Book


As part of our effort to make Ruby on Rails applications known for their good security, I wrote a compact-style book in 2008. I believe that making Rails applications more secure can't be done solely by implementing security features in the framework, but also by helping the community learn about security.

Note: The book is made available to the community completely free of charge. You may read it, send it to your colleagues and link to this page from your blog. Conditions:

Attribution. You must attribute the work and keep the original copyright notice.

Share — You are free to copy, distribute and transmit the work.

Remix — You are free to adapt the work.

Noncommercial. You may not use this work for commercial purposes.

You might also consider a Ruby on Rails security audit by me.