awesome-ruby-security

Awesome Ruby Security resources
https://github.com/pxlpnk/awesome-ruby-security

  • secure-headers - Manages application of security headers with many safe defaults.
  • Rack::Attack - Middleware for blocking and throttling requests.
  • Ronin - Ronin is a free and Open Source Ruby toolkit for security research and development.
  • Salus - Multi-purpose security scanning tool supporting Ruby, Node, Python and Go.
  • Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.
  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has CLI support so it can be integrated into a CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
  • rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
  • Rails Application Routes Parser - A script that prints out Ruby on Rails application routes/URLs.
  • Bearer - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
  • bundler-audit - Patch-level verification for Ruby apps.
  • ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
  • GemScanner - GemScanner identifies deprecated versions of gems in your Ruby on Rails project.
  • RailsGoat - A vulnerable version of Rails that follows the OWASP Top 10, http://railsgoat.cktricky.com.
  • DeleteMe - Educational insecure Rails application.
  • Rails Security Guides - The essentials to read when dealing with Rails Applications.
  • Securing Ruby and Rails Apps - Applying static code analysis and dependency checking in your CI/CD pipeline.
  • OWASP Ruby on Rails Cheatsheet - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from [rails core](https://guides.rubyonrails.org/security.html).
  • Rails security checklist - 🔑 Community-driven Rails Security Checklist.
  • Attacking Ruby on Rails Applications - Phrack article by [joernchen](https://twitter.com/joernchen) on finding security vulnerabilities in Rails applications.
  • Zen Rails Security Checklist - A well-documented Rails security checklist.
  • Rails security best practices - A good overview of useful things to look out for when working with Rails.
  • Securing Rails Application from developers perspective - A detailed blog on Ruby on Rails security from a developer's perspective that covers OWASP Top & other application issues with fixes, recommendations and fix code.
  • Rubyfu - Offensive security book for Rubyists ([Source](https://github.com/rubyfu/RubyFu))
  • Ruby gem installations can expose you to lockfile injection attacks - Security blind spots of lockfile injection in the Ruby ecosystem.
  • Security for Developers - Newsletter catering towards developers and covering many languages.
  • Ruby Bug Bounty Program - Found a bug in the Ruby language? Report it there.
  • Ruby Security Updates - Follow the latest security announcements.
  • Twitter