Safeguard
Tag

rails-security

Safeguard articles tagged "rails-security" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Security Guides

Rails Security Best Practices: Strong Parameters, SQL, and Gems

Rails ships secure defaults, but mass assignment, string-interpolated SQL, and unvetted gems still cause real breaches. Here is how to hold the line.

Jul 3, 20265 min read
Security Guides

Ruby Security Best Practices: Deserialization, Injection, and the Gem Supply Chain

Rails is safe by default — until a developer reaches for YAML.load, Kernel#open, or a raw-string query. Here are the Ruby footguns and the gem hygiene that keep them closed.

Jul 1, 20266 min read
Industry Analysis

Ruby Security Explained

Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.

Feb 23, 20267 min read
Industry Analysis

Ruby deserialization vulnerabilities: Marshal.load, YAML....

A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.

Feb 2, 20268 min read
Industry Analysis

Rails mass assignment vulnerabilities and the strong para...

How a 2012 GitHub hack exposed Rails' mass assignment flaw, why attr_accessible failed, and how strong parameters became the lasting fix.

Jan 27, 20267 min read
Open Source Security

Auditing Rails applications' Gemfile for vulnerable depen...

A practical guide to auditing your Rails Gemfile and Gemfile.lock for vulnerable dependencies using bundler-audit, from triage through CI automation.

Jan 26, 20268 min read
Industry Analysis

Rails Active Record SQL injection via raw queries and str...

A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.

Jan 26, 20267 min read
Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Industry Analysis

SQL Injection Prevention in Ruby with exec_params Binding

Ruby's pg gem makes SQL injection preventable with one method change. Here's how exec_params binds parameters, why Rails CVEs keep recurring, and how to migrate safely.

Oct 26, 20257 min read
rails-security — Safeguard Blog