awesome-ruby-security

Phrack article by

This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from

A good overview of usefull things to look out for when working with Rails.

🔑 Community-driven Rails Security Checklist.

The essentials to read when dealing with Rails Applications.

Offensive security book for rubyist (

Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).

A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

A static analysis security vulnerability scanner for Ruby on Rails applications.

A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.

Prevents you from committing secrets and credentials into git repositories.

Patch-level verification for Ruby apps.

GemScanner identifies depreciated versions of gems in your ruby on rails project.

Open source database of security advisories that are relevant to Ruby libraries.

Educational insecure Rails application.

A vulnerable version of Rails that follows the OWASP Top 10

Middleware for blocking and throttling requests.

Manages application of security headers with many safe defaults.

Ronin is a free and Open Source Ruby toolkit for security research and development.

Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

Found a bug in the Ruby language? Report it there.

Follow the latest security announcements.

Newsletter catering towards developers and covering many languages.