This post originated from an RSS feed registered with Ruby Buzz by Jonathan Weiss. Original Post: 24C3 - Ruby on Rails Security Feed Title: BlogFish Feed URL: http://blog.innerewut.de/feed/atom.xml Feed Description: Weblog by Jonathan Weiss about Unix, BSD, security, Programming in Ruby, Ruby on Rails and Agile Development. Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Jonathan Weiss Latest Posts From BlogFish

The slides and a video of my Ruby on Rails Security session are now online. The 24C3 was a lot of fun, unfortunately I couldn't spend all 4 days there.

My talk covered most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration were be examined and best practice solutions were introduced.

<object height="355" width="425" style="margin:0px"><param name="movie" value="http://static.slideshare.net/swf/ssplayer2.swf?doc=ruby-on-rails-security-1199391394492149-3" /><param name="allowFullScreen" value="true" /><param name="allowScriptAccess" value="always" /><embed allowfullscreen="true" type="application/x-shockwave-flash" src="http://static.slideshare.net/swf/ssplayer2.swf?doc=ruby-on-rails-security-1199391394492149-3" allowscriptaccess="always" height="355" width="425"></embed></object>

| View | Upload your own

The is also a Google video version: Ruby on Rails Security.

Get the slides (PDF - 1.6 MB) or the video (mkv - 95 MB). Other formats are available from the official mirrors or the torrent site.