rails-security
Safeguard articles tagged "rails-security" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Rails Security Best Practices: Strong Parameters, SQL, and Gems
Rails ships secure defaults, but mass assignment, string-interpolated SQL, and unvetted gems still cause real breaches. Here is how to hold the line.
Ruby Security Best Practices: Deserialization, Injection, and the Gem Supply Chain
Rails is safe by default — until a developer reaches for YAML.load, Kernel#open, or a raw-string query. Here are the Ruby footguns and the gem hygiene that keep them closed.
Ruby Security Explained
Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.
Ruby deserialization vulnerabilities: Marshal.load, YAML....
A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.
Rails mass assignment vulnerabilities and the strong para...
How a 2012 GitHub hack exposed Rails' mass assignment flaw, why attr_accessible failed, and how strong parameters became the lasting fix.
Auditing Rails applications' Gemfile for vulnerable depen...
A practical guide to auditing your Rails Gemfile and Gemfile.lock for vulnerable dependencies using bundler-audit, from triage through CI automation.
Rails Active Record SQL injection via raw queries and str...
A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.
Ruby supply chain security report
A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.
SQL Injection Prevention in Ruby with exec_params Binding
Ruby's pg gem makes SQL injection preventable with one method change. Here's how exec_params binds parameters, why Rails CVEs keep recurring, and how to migrate safely.