I want to make sure all security aspects of my application are covered. I know this will probably vary from application to application, but what are the general things you should make sure you are doing to prevent security开发者_如何学Go breaches?
Ryan Bates did a nice railscast on security that i have gotten something out of, you may want to check it out.
http://railscasts.com/episodes/178-seven-security-tips
The official rails guide on security is really good:
http://guides.rubyonrails.org/security.html
The site itself:
- Are all the pages that required a login protected?
- If an error occurs in the application does the user retrieve a general message instead of YSOD (asp mvc)
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
After that there are also external risk: A database-backup gets lost(stolen) , social engineers , angry co-workers , unpatched servers , ....
attr_accessible, if you're not using it your models then that's a big security flaw as your users could effectively change any fields they want.
精彩评论