Secure Coding with Ruby on Rails

The Ruby on Rails framework offers simplicity that streamlines web application development. Developers who use it appreciate its flexibility and scalability. But, as with anything on the Internet, attackers are continually seeking new opportunities to infiltrate. Vulnerabilities include malicious Ruby gems, injections, and XSS, among others. These modules outline the most common vulnerabilities and how to code defensively.

24 Modules | 5 hrs 33 min | 9 Experiments | Green Belt Level
Try Ruby training modules!

Example Ruby Development Concepts

  • Security features built into Ruby
  • Common RoR attacks
  • Injection prevention  
  • Dependency Management
  • Authentication techniques
  • Sensitive data management
  • SCA tools and automation

What's Included?

We created this Green Belt path for developers coding in the Ruby on Rails framework. It includes our standard 13 Green Belt Secure Development modules with the addition of 12 new Secure Coding with Ruby lessons. Each of our lessons is short and concludes with a brief ten-question assessment. The length of the learning modules is purposeful: they are perfect for filling gaps in a developer's day while code is deploying.

Secure Development Core Lesson Modules
Intro to Secure Development
Intro to Secure Coding
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Language Typing
Securing the Development Environment
Protecting your Code Repository
Producing a Clean, Maintainable, & Secure Code Culture
Secure the Release
Designing a Secure App or Product
Thinking Like A Penetration Tester
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Secure Coding with Ruby on Rails
Green Belt Path
Intro to Ruby Security
Ruby Threat Landscape
Secure Software Supply Chain
Input Validation with Ruby
Secure Coding with Ruby | Part 1
Secure Coding with Ruby | Part 2
Secure Coding with Ruby | Part 3
Building a Secure Rails Application
Ruby OWASP Top 10 | Part 1
Ruby OWASP Top 10 | Part 2
Ruby OWASP Top 10 | Part 3
Static Code Analysis