Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-ruby-security
Awesome Ruby Security resources
https://github.com/pxlpnk/awesome-ruby-security
- secure-headers - Manages application of security headers with many safe defaults.
- Rack::Attack - Middleware for blocking and throttling requests.
- Ronin - Ronin is a free and Open Source Ruby toolkit for security research and development.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
- Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.
- brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
- rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
- dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
- git-secrets - Prevents you from committing secrets and credentials into git repositories.
- DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
- ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
- rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
- Rails Application Routes Parser - A script that print out ruby on rails application routes/URLs.
- Bearer - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
- bundler-audit - Patch-level verification for Ruby apps.
- ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
- GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project.
- RailsGoat - A vulnerable version of Rails that follows the OWASP Top 10 http://railsgoat.cktricky.com .
- DeleteMe - Educational insecure Rails application.
- Rails Security Guides - The essentials to read when dealing with Rails Applications.
- Securing Ruby and Rails Apps - Applying static code analysis and dependency checking in your CI/CD pipeline.
- OWASP Ruby on Rails Cheatsheet - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from [rails core](https://guides.rubyonrails.org/security.html).
- Rails security checklist - 🔑 Community-driven Rails Security Checklist.
- Attacking Ruby on Rails Applications - Phrack article by [joernchen](https://twitter.com/joernchen) on finding security vulnerabilities in Rails applications.
- Zen Rails Security Checklist - A well-documented Rails security checklist.
- Rails security best practices - A good overview of usefull things to look out for when working with Rails.
- Securing Rails Application from developers perspective - A detailed blog on Ruby on Rails security from developers perspective that contains OWASP Top & other application issues with fixes / recommendation and fix codes.
- Rubyfu - Offensive security book for rubyist ([Source](https://github.com/rubyfu/RubyFu))
- Ruby gem installations can expose you to lockfile injection attacks - security blindspots of lockfile injection in the Ruby ecosystem
- Security for Developers - Newsletter catering towards developers and covering many languages.
- Ruby Bug Bounty Program - Found a bug in the Ruby language? Report it there.
- Ruby Security Updates - Follow the latest security announcements.
- ![CC0
Keywords
security
10
ruby
6
rails
5
security-audit
4
security-tools
4
ruby-on-rails
4
vulnerabilities
4
static-analysis
3
npm
3
checklist
2
security-scanner
2
appsec
2
brakeman
2
security-vulnerability
2
circleci
1
coinbase
1
cves
1
golang
1
gosec
1
js
1
salus
1
security-scanners
1
yarn
1
audit
1
ronin-rb
1
ronin
1
orm
1
network-tools
1
infosec
1
hacking
1
database
1
ctf-tools
1
ctf-tool
1
console
1
cli
1
nodejs
1
docker
1
ci
1
devsecops-tools
1
gdpr
1
owasp
1
privacy
1
sast
1
security-automation
1
static-code-analysis
1
vulnerability
1
advisory-files
1
metadata
1
rubysec
1
security-advisories
1