I just discovered the Rails Security Guide, which is actually a pretty darn good intro text to web application security issues and attack vectors, whether you work in rails or not.
(In fact, there are places where I'd expect Rails-specific content and don't find it; it reads mostly as a general text! The chapter on HTML Injection oddly doesn't mention Rails 3.x auto-escaping in ERB <%= %>, #html_escape, etc.)
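To make the auto-escaping point concrete, here is an added example (mine, not from the Rails Security Guide or the Rails source). It uses plain stdlib ERB, which does not auto-escape <%= %> the way Rails 3.x does, so the escaping is done explicitly with ERB::Util.html_escape, the same escaper Rails exposes as #html_escape / h. The PAYLOAD string is a constructed attack input, and safe_href is a hypothetical helper written for this example, not a Rails API. The example also shows the caveat a practitioner wants: escaping only neutralises the five characters that break out of element text or a quoted attribute, so a "javascript:" URL placed in an href survives escaping untouched and needs scheme validation instead.

```ruby
require "erb"
require "uri"

# Constructed attack string standing in for a user-submitted comment.
PAYLOAD = %q{<script>alert(1)</script>"><img src=x onerror=alert(2)>}

# Two templates rendering the same value: stdlib ERB leaves <%= %> raw,
# so the first one is an HTML injection; the second escapes explicitly.
# In Rails 3.x the second form is what <%= comment %> does by default.
UNSAFE_TEMPLATE = ERB.new("<p><%= comment %></p>")
SAFE_TEMPLATE   = ERB.new("<p><%= ERB::Util.html_escape(comment) %></p>")

def render_unsafe(comment)
  UNSAFE_TEMPLATE.result_with_hash(comment: comment)
end

def render_safe(comment)
  SAFE_TEMPLATE.result_with_hash(comment: comment)
end

# Hypothetical helper (not a Rails API): html_escape only rewrites
# & < > " ' so a "javascript:" URL contains nothing it would touch and the
# link stays live after escaping. The value has to be validated against an
# allow-list of schemes; escaping alone cannot fix an attribute whose
# meaning is a URL. Returns the URL if acceptable, nil otherwise.
def safe_href(url)
  uri = URI.parse(url.to_s)
  return nil unless %w[http https].include?(uri.scheme.to_s.downcase)
  url.to_s
rescue URI::InvalidURIError
  nil
end

# Validated URL in the attribute, then escaped at output like any other value;
# the display name is escaped in element-text context.
PROFILE_TEMPLATE = ERB.new(
  '<a href="<%= ERB::Util.html_escape(safe_href(homepage) || "#") %>">' \
  '<%= ERB::Util.html_escape(name) %></a>'
)

def render_profile(name, homepage)
  PROFILE_TEMPLATE.result_with_hash(name: name, homepage: homepage)
end

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(PAYLOAD)   # script tag reaches the browser intact
  puts render_safe(PAYLOAD)     # rendered as inert text
  puts render_profile("Bob & Co <admin>", "javascript:alert(1)")
  puts render_profile("Alice", "https://example.com/?q=a&b=c")
end
```

Run it as a script to see the four rendered strings. The second render_profile call shows why escaping is still needed after validation: the & in the query string becomes &amp; so the attribute stays well-formed, while the first call shows the validation step rejecting a scheme that html_escape would have passed through.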
But anyhow, recommended if you want to brush up on your knowledge of categories of attacks and types of defenses for web apps.
