Re: [Micronet] Free e-Book on Ruby on Rails security (and web apps in general)

From: Jack King <jpk_at_berkeley.edu>
Date: Mon, 10 Nov 2008 14:59:02 -0800 (PST)

I came across this article that mentions how easy it is to wrap an
insidious script in a tinyurl and send that innocent-appearing URL to an
unsuspecting recipient to capture secure information.

http://www.seomoz.org/ugc/protect-your-site-and-you-users-against-crosssite-scripting

> Heiko Webers has released a new version of a PDF-format book, "Ruby
> on Rails Security Version 2," focused on improving the security of
> web-based applications built using Rails:
>
> http://www.rorsecurity.info/the-book/
>
> Although much of the book is Rails-specific, many of the
> vulnerabilities and corresponding exploits it describes are generic
> to web-based applications. (For instance, a number of the
> vulnerabilities discussed are JavaScript-based.) There's also a
> brief, non-Rails-specific section on MySQL security.
>
> This is just one instance of an online resource covering the topic
> of web application security. Other members of this list are
> cordially invited to share similar resources ...
>
> Aron Roberts
> Information Services and Technology

-- 
Jack King
Disabled Students Program
50 Cesar Chavez Center
(510) 642-2103
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
Webnet information is available at http://webnet.berkeley.edu. Email sent to this list is archived at http://ls.berkeley.edu/mail/webnet/ . This archive is open to the general public and browsable by search engine spiders, email-address harvesting robots, your bosses, etc.
Received on Thu Nov 13 2008 - 08:47:41 PST