ruby · Ruby On Rails

Ruby on Rails Security Guide

Please refer the following for Ruby on Rails best practices on the security. CSRF and XSS are the most important ones:-   1) CSRF – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-csrf-3/ 2) XSS – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-xss-2/ 3) Protection flags on cookies – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-protection-flags-on-session-cookies/ 4) Filter parameter logging – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-filtering-parameter-logging/

ruby · Ruby On Rails

Ruby on Rails Security – Protection Flags on Session Cookies

Analysis: When an unsuspecting user visits the site, the JavaScript executes, stealing the ‘sessionId’ cookie and sending it to the malicious user. Using the victim’s session ID, the malicious user can hijack the victim’s session and perform actions on their behalf. Solution and Fix: Add the ‘HttpOnly’ flag to the Set-Cookie directive for the session… Continue reading Ruby on Rails Security – Protection Flags on Session Cookies