Security - thuy-econsys/rails_app GitHub Wiki
- enable email notifications for both email and password changes in config/initializers/devise.rb. Devise disables these by default.
- implement Input Validations
- review difference between `password.blank?` and `password.present?`
- review difference between
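The `blank?` / `present?` distinction noted above, as an added example that is not part of this wiki page: a plain-Ruby reimplementation (an assumption, written here to mirror ActiveSupport's semantics so it runs without Rails; in an app you would use ActiveSupport's own methods) contrasted with Ruby's built-in `nil?` and `empty?`, plus a password check built on it. The `Presence` module, `presence_report` and `acceptable_password?` names are the example's own.

```ruby
# Added example (not from the wiki): ActiveSupport-style blank?/present?
# semantics reimplemented in plain Ruby (assumption: mirrors ActiveSupport).
module Presence
  # ActiveSupport treats nil, false, empty collections and
  # whitespace-only strings as blank.
  def self.blank?(value)
    case value
    when nil, false then true
    when String     then value.match?(/\A[[:space:]]*\z/)
    when Array, Hash then value.empty?
    else value.respond_to?(:empty?) ? value.empty? : false
    end
  end

  # present? is simply the negation of blank?.
  def self.present?(value)
    !blank?(value)
  end
end

# Side-by-side report of the checks that are easy to confuse.
# nil? and empty? are core Ruby; blank?/present? are the ActiveSupport additions.
def presence_report(value)
  {
    nil?:     value.nil?,
    empty?:   value.respond_to?(:empty?) ? value.empty? : nil,
    blank?:   Presence.blank?(value),
    present?: Presence.present?(value)
  }
end

# Input-validation consequence: a "presence" check written with empty?
# accepts a whitespace-only password ("   ".empty? is false), whereas
# blank?/present? reject it. Length is checked after presence.
def acceptable_password?(password, min_length: 12)
  Presence.present?(password) && password.length >= min_length
end
```

`presence_report("   ")` is the case to remember: `empty?` is false while `blank?` is true.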
References
- Ruby on Rails Cheatsheet | OWASP Cheat Sheet Series
- Preventing security issues in Ruby on Rails (based on OWASP cheatsheet)
- Rails Security Checklist | eliotsykes/rails-security-checklist GitHub
- Zen Rails Security Checklist | brunofacca/zen-rails-security-checklist GitHub
- Secure Rails - Rails security best practices | ankane/secure_rails GitHub
- How To: Command Injections | HackerOne - demos Command Injections using Ruby scripts