RR 328: Rails Security Beyond the Defaults with Matias Korhonen

Tweet this EpisodeMatias Korhonen has been writing Rails apps professionally at Kisko Labs, a Rails-focused software consultancy in Finland, for almost a decade. In his spare time he works on too many side projects (including Piranhas.co), a book price comparison site, and TLS.care (an SSL certificate monitoring service). He also somehow manages to find time to homebrew beer.The Rogues talk to Matias about securing your Rails applications. Rails comes with a lot of security features built in, but you can still leave yourself open to exploitation if you're not careful. Most of these problems occur in the portion of the app your write as opposed to the parts of the app that Rails handles for you. We go over several tools and techniques for making sure your application, access, and data are all secure.In particular, we dive pretty deep on:Tools that you can use to scan for vulnerabilities or add more security checks to your applicationsAuthentication and authorization mistakesSecurely managing dataand much, much more...Links:secureheadersbrakemanCode ClimateCloudFlarezxcvbnTroy Hunt article on pwned passwordsDevise Security ExtensionpunditDrifting Ruby episode on Complex Strong Parametersgemnasiumbundler-auditOWASP Zed Attack Proxy Projectrack-attackPicks:Brian:Regex 101Give and Take by Adam GrantEric:Indie HackersDave:Sumo LogicChuck:Ready Player One Comic-Con trailer breakdownMattermostRuby Rogues ParleyRuby Dev Summit (FREE)Matias: