
Chapter 3. Web Application Security

3.1. Common attacks and mitigations
3.1.1. Command injection
3.1.2. Cross site scripting (XSS)
3.1.3. Cross site request forgery (CSRF)
3.1.4. Guidelines and principles
3.2. Client-side security
3.2.1. Same origin policy
3.2.2. Bypassing same origin policy
3.2.3. Content Security Policy (CSP)
3.2.4. HTTP Strict Transport Security
3.2.5. X-XSS-Protection
3.2.6. X-Frame-Options
3.2.7. X-Content-Type-Options
3.2.8. Configuring Rails
3.2.9. Guidelines and recommendations
3.3. Application server configuration and hardening
3.3.1. Logging
Web application development is one of the most popular uses of the Ruby language, thanks to the popularity of Ruby on Rails. The following chapter is dedicated to the security of web applications. Most of the content is framework-independent, while the examples and implementation-specific problems target Ruby on Rails.
As a popular web framework, Ruby on Rails already helps with web application security by providing secure defaults, useful helper methods, automatic HTML escaping, etc.