
Posts

Showing posts from July, 2014

Security Checklist of Ruby on Rails - Pre and Post Project Delivery

This manual describes common security problems in web applications and how to avoid them with Rails.

Secure coding checklist: Ruby on Rails (attack vector / vulnerability and the recommended solution)

Input/output validation
  - white-list filtering, as early as possible
  - use safeERB, XSSshield, etc. for output escaping
  - use .find(params[:id]) only with additional scoping parameters, e.g. @user.order.find(id), so a user cannot reach other users' records by changing the id

SQL injection
  - use bind variables (array conditions) for SQL queries built with .find
  - use sanitize_sql() or a prepared statement for hand-written SQL queries

CSRF
  - use protect_from_forgery

Command / LDAP injection
  - use the escape methods for shell, LDAP, ...

Mass assignment
  - use attr_accessible
  - don't pass user-supplied data straight to .new or .create
  - take care with redirect_to (only redirect to known targets)

Session handling
  - use SSL
  - require strong passwords only (6+ characters mixing numbers and letters; verify with cracklib-ruby)
  - use a password salt
  - use a key derivation function for further processing (RFC 2898)
  - use a random, changing :secret for the cookies
  - all controller
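The "session handling" rows (random salt, key derivation function per RFC 2898, strong-password check) as working Ruby, added here as an example and not code from the checklist's author. It uses only Ruby's OpenSSL and SecureRandom standard libraries; the iteration count, the 6-character rule and the "pbkdf2$iterations$salt$hash" record layout are assumptions of this example.

```ruby
# Added example: salted PBKDF2 password storage with constant-time verification.
# Record format "pbkdf2$<iterations>$<salt-hex>$<key-hex>" is an assumption of this example.
require 'openssl'
require 'securerandom'

PBKDF2_ITERATIONS = 100_000 # assumed cost; raise it until one derivation costs tens of ms
SALT_BYTES = 16
KEY_BYTES = 32
DIGEST_NAME = 'sha256'

# The checklist's rule: at least 6 characters, containing both letters and digits.
def strong_password?(password)
  password.length >= 6 && password.match?(/[A-Za-z]/) && password.match?(/\d/)
end

# RFC 2898 PBKDF2 with HMAC-SHA256: slow, salted derivation of a fixed-length key.
def derive_key(password, salt, iterations = PBKDF2_ITERATIONS)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES, OpenSSL::Digest.new(DIGEST_NAME))
end

# A fresh random salt per password means identical passwords produce different records,
# so a stolen table cannot be attacked with one precomputed dictionary.
def hash_password(password, iterations = PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_BYTES)
  key = derive_key(password, salt, iterations)
  ['pbkdf2', iterations.to_s, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Compare in time that depends only on length, never on how many leading bytes match,
# so the comparison itself does not leak the stored hash through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Re-derive with the stored salt and iteration count, then compare constant-time.
def verify_password(password, stored)
  scheme, iterations, salt_hex, key_hex = stored.split('$', 4)
  return false unless scheme == 'pbkdf2' && key_hex
  salt = [salt_hex].pack('H*')
  candidate = derive_key(password, salt, iterations.to_i)
  secure_compare(candidate, [key_hex].pack('H*'))
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password('correct horse 42')
  puts record
  puts verify_password('correct horse 42', record)  # true
  puts verify_password('wrong', record)             # false
end
```

Storing the iteration count inside the record lets you raise the cost later and re-hash users at their next successful login without a migration.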

Best Coding Practices While Working With Sensitive Client Data: Securing Your Application (Third Layer of Security)

Securing your application (web): the third layer of security, through basic coding practices. This part focuses entirely on the third layer of security, the application itself, and shows techniques you can use to protect your application from attacks and intrusions with simple coding practices.

Using a database

When communicating with a database, keep the following key points in mind so that your data remains safe.

Always escape queries

To stop attackers from using SQL injection, you have to escape all user input (or, better, pass it to the driver as a bound parameter) so that it cannot inject SQL into your application, for example during a login. Almost every database driver, in every language, offers a way to escape user input. For example, with node-mysql for Node.js, instead of writing your queries like this, where the user's input is concatenated straight into the SQL string:

    connection.query('SELECT * FROM users WHERE name = \'' + username + '\' AND password = \'' + password + '\';');
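What the concatenated login query above turns into when a user types a quote, and what driver-side escaping or parameter binding does instead, as an added Ruby example serving both the node-mysql passage and the "SQL injection / bind variables" row of the Rails checklist earlier on this page. It is not code from either post. The bind_sql helper is a deliberately small imitation of what node-mysql's "?" placeholders or ActiveRecord's array conditions do for you; its escaping rules follow MySQL's string-literal syntax, and it is for illustration only, never a substitute for the driver's own binding.

```ruby
# Added example: string concatenation vs. escaped parameter binding for a login query.

# Vulnerable: the attacker's quote closes the literal and the rest of the input is SQL.
def login_query_concat(username, password)
  "SELECT * FROM users WHERE name = '#{username}' AND password = '#{password}';"
end

# MySQL-style escapes for a string literal (the characters mysql_real_escape_string handles).
SQL_ESCAPES = {
  "\\"   => "\\\\",
  "'"    => "\\'",
  '"'    => '\\"',
  "\x00" => "\\0",
  "\n"   => "\\n",
  "\r"   => "\\r",
  "\x1a" => "\\Z"
}.freeze

# Render one bind value as a SQL literal; strings are always quoted and escaped,
# so their content can never be read as SQL syntax.
def sql_literal(value)
  case value
  when nil     then 'NULL'
  when Integer then value.to_s
  when String  then "'" + value.gsub(/[\\'"\x00\n\r\x1a]/) { |c| SQL_ESCAPES[c] } + "'"
  else raise ArgumentError, "unsupported bind value: #{value.class}"
  end
end

# Toy binder: replace each ? with an escaped literal and refuse mismatched counts.
# Assumes the template itself contains no literal '?' characters.
def bind_sql(sql, *params)
  placeholders = sql.count('?')
  unless placeholders == params.size
    raise ArgumentError, "expected #{placeholders} bind values, got #{params.size}"
  end
  i = -1
  sql.gsub('?') { sql_literal(params[i += 1]) }
end

# Safe form: the same query with the user input bound instead of concatenated.
def login_query_bound(username, password)
  bind_sql('SELECT * FROM users WHERE name = ? AND password = ?;', username, password)
end

if __FILE__ == $PROGRAM_NAME
  evil = "' OR '1'='1"   # constructed attacker input
  puts login_query_concat(evil, evil)  # WHERE name = '' OR '1'='1' AND ... : true for every row
  puts login_query_bound(evil, evil)   # WHERE name = '\' OR \'1\'=\'1' ... : just a strange name
end
```

In the bound form the injected text survives only as the contents of a string literal; the query's structure is fixed by the template, which is exactly the property the driver's own placeholders give you.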