These days, maintaining a secure codebase is crucial. Vulnerabilities in your application’s dependencies can pose significant risks to the security of your application. This is where tools like bundler-audit come into play. bundler-audit
is a gem that helps you identify and manage security vulnerabilities in your Rails application’s external dependencies. In this article, we will explore how to use bundler-audit
to keep your Rails codebase secure.
Articles on Security
Ensuring that your company’s website is current with compliance standards is extremely important and essential for any Rails application. Operating with a compliant application guarantees security that can help with handling sensitive data and maintaining users’ trust. The more compliant your website is, the more secure it will be against data breaches, which helps users feel safe when they’re using it.
So what does it take to be compliant? In this article, we will focus on security and cover some indicators to help identify if your Rails app might not be compliant anymore.
Read moreSecurity is a huge concern for web applications. To protect your Rails app from potential vulnerabilities and threats, it’s essential to perform regular security assessments. Brakeman, a widely used static analysis tool for Ruby on Rails, can help you identify security vulnerabilities proactively.
In this article, we’ll explore how to use Brakeman to check your Rails app for security vulnerabilities.
Read moreOn Monday June 12th, 2023, FastRuby.io partnered with Expedited Security to talk about how to secure your Ruby on Rails application.
In this free webinar Ernesto Tagwerker (FastRuby.io) and Mike Buckbee (Expedited Security) discussed topics of interest related to Rails security (exploitable ActiveRecord code, vulnerable dependencies, botnets, DDoS, a breakdown of common threats, and more).
You’ll also get a sneak peak of Wafris, an Open Source service to prevent attackers and dark traffic to your application and of our new Rails Security Audit, a service to detect vulnerabilities and exploitable code in your app!
Read moreAt FastRuby.io we love Ruby on Rails because it is so powerful: You can quickly create an application that is feature complete, stable, and secure
Unfortunately, maintaining a Rails application up to date and secure takes some effort.
In this blog post, we will cover a few Ruby gems and best practices that you can use to stay on top of your security, reliability, and stability needs.
Read moreHave you ever tried to update a Rails app from 5.2 to 6.0, or from 6.0 to 6.1? If so, you might have seen this deprecation:
DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "random()". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from ...)
Note: While this deprecation message mentions Rails 6.0 as the version where the behavior is disallowed, that change was postponed, so the deprecation also shows in Rails 6.0. The behavior is actually disallowed in Rails 6.1.
What does this deprecation mean exactly? In this article, I will explain that in plain English, what issue it is trying to prevent, and how to fix the problem if you come across it in your codebase.
Read more