Awesome Ruby Security resources
https://github.com/pxlpnk/awesome-ruby-security
List: awesome-ruby-security
Topics: awesome-list, ruby, ruby-on-rails, security, security-tools
Last synced: 9 days ago
Awesome Ruby Security resources
- Host: GitHub
- URL: https://github.com/pxlpnk/awesome-ruby-security
- Owner: pxlpnk
- Created: 2018-11-05T21:55:19.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-02-22T07:48:23.000Z (10 months ago)
- Last Synced: 2024-10-29T14:15:53.523Z (about 1 month ago)
- Topics: awesome-list, ruby, ruby-on-rails, security, security-tools
- Homepage:
- Size: 33.2 KB
- Stars: 461
- Watchers: 16
- Forks: 34
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
- awesome-cybersecurity - awesome-ruby-security - Awesome Ruby Security resources. (Coding)
- more-awesome - Ruby Security - Ruby Security resources. (Programming Languages)
- ultimate-awesome - awesome-ruby-security - Awesome Ruby Security resources. (Other Lists / PowerShell Lists)
- awesome-security-collection - **327** stars
README
A curated list of awesome Ruby Security related resources.
[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._
# Contents
- [Tools](#tools)
- [Educational](#educational)
- [Other](#other)
- [Contributing](#contributing)

# Tools
## Web Framework Hardening
- [secure-headers](https://github.com/twitter/secure_headers) - Manages application of security headers with many safe defaults.
- [Rack::Attack](https://github.com/kickstarter/rack-attack) - Middleware for blocking and throttling requests.

## Multi tools
- [Ronin](https://github.com/ronin-rb/ronin) - Ronin is a free and Open Source Ruby toolkit for security research and development.
- [Salus](https://github.com/coinbase/salus) - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
- [Snyk](https://snyk.io) - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

## Static Code Analysis
- [brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications.
- [rubocop-gitlab-security](https://gitlab.com/gitlab-org/rubocop-gitlab-security) - A set of rules to extend rubocop with additional security rules.
- [dawnscanner](https://github.com/thesp0nge/dawnscanner) - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
- [git-secrets](https://github.com/awslabs/git-secrets) - Prevents you from committing secrets and credentials into git repositories.
- [DevSkim](https://github.com/Microsoft/DevSkim) - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
- [ban-sensitive-files](https://github.com/bahmutov/ban-sensitive-files) - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
- [rails_best_practices](https://github.com/flyerhzm/rails_best_practices) - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
- [Rails Application Routes Parser](https://gist.github.com/Splint3r7/198a3f8f19f20c28fff44993427012c3) - A script that prints out a Ruby on Rails application's routes/URLs.
- [Bearer](https://github.com/Bearer/bearer) - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

## Vulnerabilities and Security Advisories
- [bundler-audit](https://rubygems.org/gems/bundler-audit) - Patch-level verification for Ruby apps.
- [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db) - Open source database of security advisories that are relevant to Ruby libraries.
- [GemScanner](https://github.com/Splint3r7/GemScanner) - GemScanner identifies deprecated versions of gems in your Ruby on Rails project.

# Educational
## Hacking Playground
- [RailsGoat](https://github.com/OWASP/railsgoat) - A vulnerable version of Rails that follows the OWASP Top 10 http://railsgoat.cktricky.com .
- [DeleteMe](https://github.com/rietta/DeleteMe) - Educational insecure Rails application.

## Articles & Guides
- [Rails Security Guides](https://guides.rubyonrails.org/security.html) - The essentials to read when dealing with Rails Applications.
- [Securing Ruby and Rails Apps](https://www.occamslabs.com/blog/securing-your-ruby-and-rails-codebase) - Applying static code analysis and dependency checking in your CI/CD pipeline.
- [OWASP Ruby on Rails Cheatsheet](https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet) - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from [rails core](https://guides.rubyonrails.org/security.html).
- [Rails security checklist](https://github.com/eliotsykes/rails-security-checklist) - 🔑 Community-driven Rails Security Checklist.
- [Attacking Ruby on Rails Applications](http://www.phrack.org/issues/69/12.html#article) - Phrack article by [joernchen](https://twitter.com/joernchen) on finding security vulnerabilities in Rails applications.
- [Zen Rails Security Checklist](https://github.com/brunofacca/zen-rails-security-checklist#memcached-security) - A well-documented Rails security checklist.
- [Rails security best practices](https://github.com/ankane/secure_rails) - A good overview of useful things to look out for when working with Rails.
- [Securing Rails Application from developers perspective](http://hassankhanyusufzai.com/securing-rails-application/) - A detailed blog post on Ruby on Rails security from a developer's perspective, covering OWASP Top and other application issues with fixes, recommendations and fix code.
- [Rubyfu](https://rubyfu.net/) - Offensive security book for rubyists ([Source](https://github.com/rubyfu/RubyFu)).
- [Ruby gem installations can expose you to lockfile injection attacks](https://snyk.io/blog/ruby-gem-installation-lockfile-injection-attacks) - Security blind spots of lockfile injection in the Ruby ecosystem.

## Newsletters
- [Security for Developers](https://www.getrevue.co/profile/devsecops) - Newsletter catering towards developers and covering many languages.

# Other
## Reporting Bugs
- [Ruby Bug Bounty Program](https://hackerone.com/ruby) - Found a bug in the Ruby language? Report it there.
- [Ruby Security Updates](https://www.ruby-lang.org/en/security/) - Follow the latest security announcements.

# Contributing
Found an awesome project, package, article, or other type of resource related to Ruby Security? Send me a pull request!
Just follow the [guidelines](/CONTRIBUTING.md). Thank you!

---
say _hi_ on [Twitter](https://twitter.com/pxlpnk)
## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)