ruby-on-rails
Safeguard articles tagged "ruby-on-rails" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Securing a Dockerized Rails Local Dev Environment
A misplaced master.key or a permissive COPY . . can bake Rails credentials into an image layer forever — here's how to Dockerize Rails dev safely.
Rails mass assignment vulnerabilities and the strong para...
How a 2012 GitHub hack exposed Rails' mass assignment flaw, why attr_accessible failed, and how strong parameters became the lasting fix.
Auditing Rails applications' Gemfile for vulnerable depen...
A practical guide to auditing your Rails Gemfile and Gemfile.lock for vulnerable dependencies using bundler-audit, from triage through CI automation.
Rails Active Record SQL injection via raw queries and str...
A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.
Path Traversal Prevention in Ruby with File.realpath
How File.realpath stops path traversal in Ruby apps, why File.expand_path alone fails, and what real CVEs like Sprockets' CVE-2018-3760 reveal about secure file handling.