RR 328: Rails Security Beyond the Defaults with Matias Korhonen

Tweet this EpisodeMatias Korhonen has been writing Rails apps professionally at Kisko Labs, a Rails-focused software consultancy in Finland, for almost a decade. In his spare time he works on too many side projects (including Piranhas.co), a book price comparison site, and TLS.care (an SSL certificate monitoring service). He also somehow manages to find time to homebrew beer.The Rogues talk to Matias about securing your Rails applications. Rails comes with a lot of security features built in, but you can still leave yourself open to exploitation if you're not careful. Most of these problems occur in the portion of the app your write as opposed to the parts of the app that Rails handles for you. We go over several tools and techniques for making sure your application, access, and data are all secure.In particular, we dive pretty deep on:

• Tools that you can use to scan for vulnerabilities or add more security checks to your applications
• Authentication and authorization mistakes
• Securely managing data
• and much, much more...

Links:

• secureheaders
• brakeman
• Code Climate
• CloudFlare
• zxcvbn
• Troy Hunt article on pwned passwords
• Devise Security Extension
• pundit
• Drifting Ruby episode on Complex Strong Parameters
• gemnasium
• bundler-audit
• OWASP Zed Attack Proxy Project
• rack-attack

Picks:Brian:

• Regex 101
• Give and Take by Adam Grant

Eric:

• Indie Hackers

Dave:

• Sumo Logic

Chuck:

• Ready Player One Comic-Con trailer breakdown
• Mattermost
• Ruby Rogues Parley
• Ruby Dev Summit (FREE)

Matias:

• Webpacker 3.0
• ActiveStorage
• Heroku

Special Guest: Matias Korhonen.

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Become a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.