Greg talking about OWASP - Top 10 for Rails Developers
@gregmolnar at #friendlyrb
Greg @gregmolnar about how @rails has settings to help with security
#friendlyrb
Think about Insecure Design and about what could go wrong
@gregmolnar
#friendlyrb

Example of code that allows SQL injection as a second-order SQL injection - @gregmolnar

#friendlyrb

Methods that, when used wrong, can allow SQL injection
@gregmolnar
#friendlyrb
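An added Ruby example, not code from the talk or from Rails, of the second-order case and the misused query methods in these notes: a value is stored with a bound parameter (safe at that point) and later pasted into a raw where() string. quote_sql is a stand-in for the quoting ActiveRecord applies to "?" placeholders; no database is used, the functions return the SQL text that would be sent.

```ruby
# Stand-in for the quoting a "?" placeholder gets: wrap in single quotes and
# double any embedded single quote. Assumed helper, not ActiveRecord's own code.
def quote_sql(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Equivalent of where("email = ?", email): the value is bound, never pasted raw.
def find_by_email_bound(email)
  "SELECT * FROM users WHERE email = #{quote_sql(email)}"
end

# Equivalent of where("email = '#{email}'"): the vulnerable pattern.
def find_by_email_interpolated(email)
  "SELECT * FROM users WHERE email = '#{email}'"
end

# Constructed sample value; the single quote inside it is what matters.
STORED_EMAIL = "x@example.com' OR '1'='1"

# Signup stores the value through a bound parameter, so this INSERT is safe.
def signup_insert(email)
  "INSERT INTO users (email) VALUES (#{quote_sql(email)})"
end

# Simulates reading the stored string back out of the database unchanged.
def stored_email
  STORED_EMAIL
end

# A later flow (e.g. password reset) reuses the stored value: trusting it
# because "it came from our database" is the second-order mistake.
def reset_lookup_vulnerable
  find_by_email_interpolated(stored_email)
end

def reset_lookup_fixed
  find_by_email_bound(stored_email)
end

# Counts string literals in a statement, treating '' inside a literal as an
# escaped quote. One literal means the value stayed data; more means part of
# it became SQL.
def literal_count(sql)
  count, inside, i = 0, false, 0
  while i < sql.length
    if sql[i] == "'"
      if inside && sql[i + 1] == "'"
        i += 1 # escaped quote, still inside the same literal
      else
        count += 1 unless inside
        inside = !inside
      end
    end
    i += 1
  end
  count
end
```

Run literal_count on both reset_lookup_* results: the bound form yields one literal, the interpolated form three.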
"Broken Access Control is the most common security problem" - @gregmolnar

- Strong authorization
- Whitelist approach
- UUIDs are not equal to authorization (UUIDs can be leaked, for example)
- Foreign keys (e.g. allowing a user to set the foreign key for an association)
#friendlyrb
@gregmolnar inviting us to subscribe to This Week in Rails
#friendlyrb