Category: security
6 Easy Steps To Understand Web And Mobile Application Authentication
TL;DR At Zagreb Webcamp 2018, I attended the talk A Token Walks Into a SPA… by Ado Kukic. During the Q&A session I finally realized the difference between JWT and…
Why You Should Set Up HTTP Strict Transport Security Header on Your Site
TL;DR At WebCamp Zagreb I attended Luka Kladaric's excellent talk on the HTTP Strict Transport Security (HSTS) header. This talk and the Q&A session at the end helped me to fully…
Ruby on Rails bottom up security – sensitive data exposure
OWASP, Ruby on Rails, security
TL;DR This post is about the risk of sensitive data exposure in your Ruby on Rails application. It covers unauthorized access and the cross-site request forgery (CSRF) check. Unauthorized access risk…
Ruby on Rails bottom up security – mass assignment
OWASP, Ruby on Rails, security
TL;DR Mass assignment is a security risk where a user can create/update data attributes they are not allowed to update. Here is an example. Imagine an application that registers your employees' working hours…
Ruby on Rails bottom up security – Cross site scripting (XSS) check
TL;DR This post explains how to check your Rails application source code for cross-site scripting (XSS) attacks. Cross-site scripting means that your application accepts HTML code as user…
Ruby on Rails bottom up security – authentication and session management check
Ruby on Rails, security, security testing
TL;DR This post is about checking “The Gates” of your Rails application. Every web application is a set of URLs. Some of them are publicly available and some are available…
Ruby on Rails bottom up security – sql injection check
Ruby on Rails, security, security testing, Uncategorized
TL;DR This post will explain how to check your Ruby on Rails code base against SQL injections [Wikipedia]. After you have read the Wikipedia link about SQL injections, you are…