2

For a recent project a friend of mine and I have been working on, we want to build a RESTful web API for client application usage. I believe that I have a fairly good grasp of the top-down picture after reading this, but am fairly clueless when it comes to security issues.

I know of OAuth and plan on implementing it, but are there any other concerns we should address first thing? I would hate to spend a large amount of time developing these features to find out later that we've left the site open for malicious attack.

Thanks.

2 Answers

3

If you are looking for general information on Web security, check out OWASP Ruby on Rails Security Guide V.2. (There's also a first edition which I read back in the day.) Check out OWASP's web site for more security-related information.


1 Comment

Very good resource. I waited to read it all before I accepted, but this answers pretty much all concerns I had.

1

A few more resources for you:

Great walkthrough of common web attacks and how to deal with them in Rails: https://www.honeybadger.io/blog/guides/2013/03/09/ruby-security-tutorial-and-rails-security-guide

Rails insecure defaults: http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults

All about SQL injection, goes beyond the simple examples: http://rails-sqli.org

New security issues are listed at
