awesome-ruby-security
Security toolkit
A curated list of resources and tools to help developers secure their Ruby applications.
Awesome Ruby Security resources
462 stars, 16 watching, 34 forks; last commit: over 1 year ago
Topics: awesome-list, ruby, ruby-on-rails, security, security-tools
Tools / Web Framework Hardening

| Name | Stars | Last commit | Description |
|---|---|---|---|
| secure-headers | 3,164 | 11 months ago | Manages application of security headers with many safe defaults |
| Rack::Attack | 5,577 | 11 months ago | Middleware for blocking and throttling requests |

Tools / Multi tools

| Name | Stars | Last commit | Description |
|---|---|---|---|
| Ronin | 700 | 11 months ago | Ronin is a free and open source Ruby toolkit for security research and development |
| Salus | 25 | almost 2 years ago | Multi-purpose security scanning tool supporting Ruby, Node, Python and Go |
| Snyk | | | Continuously and automatically finds and fixes vulnerabilities for Ruby and other languages |

Tools / Static Code Analysis

| Name | Stars | Last commit | Description |
|---|---|---|---|
| brakeman | 7,033 | 11 months ago | A static analysis security vulnerability scanner for Ruby on Rails applications |
| rubocop-gitlab-security | | | A set of rules that extend RuboCop with additional security checks |
| dawnscanner | 736 | over 1 year ago | A static analysis security scanner for Ruby applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks |
| git-secrets | 12,504 | over 1 year ago | Prevents you from committing secrets and credentials into git repositories |
| DevSkim | 920 | 11 months ago | DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. It also has a CLI so it can be integrated into a CI/CD pipeline |
| ban-sensitive-files | 64 | 11 months ago | Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Also checks some files for sensitive contents (for example an authToken inside an .npmrc file) |
| rails_best_practices | 4,170 | over 2 years ago | A static code analyzer for Ruby on Rails applications that finds, among other things, common patterns that might lead to security vulnerabilities |
| Rails Application Routes Parser | | | A script that prints out a Ruby on Rails application's routes/URLs |
| Bearer | 2,112 | 11 months ago | A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks |

Tools / Vulnerabilities and Security Advisories

| Name | Stars | Last commit | Description |
|---|---|---|---|
| bundler-audit | | | Patch-level verification for Ruby apps |
| ruby-advisory-db | 1,025 | 11 months ago | Open source database of security advisories that are relevant to Ruby libraries |
| GemScanner | 3 | over 4 years ago | GemScanner identifies deprecated versions of gems in your Ruby on Rails project |

Educational / Hacking Playground

| Name | Stars | Last commit | Description |
|---|---|---|---|
| RailsGoat | 872 | about 1 year ago | A vulnerable version of Rails that follows the OWASP Top 10 |
| DeleteMe | 3 | almost 11 years ago | Educational insecure Rails application |

Educational / Articles & Guides

| Name | Stars | Last commit | Description |
|---|---|---|---|
| Rails Security Guides | | | The essentials to read when dealing with Rails applications |
| Securing Ruby and Rails Apps | | | Applying static code analysis and dependency checking in your CI/CD pipeline |
| OWASP Ruby on Rails Cheatsheet | | | This cheatsheet intends to provide quick, basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the Rails security guide from |
| Rails security checklist | 1,361 | over 3 years ago | 🔑 Community-driven Rails Security Checklist |
| Attacking Ruby on Rails Applications | | | Phrack article by on finding security vulnerabilities in Rails applications |
| Zen Rails Security Checklist | 1,817 | over 5 years ago | A well-documented Rails security checklist |
| Rails security best practices | 1,031 | over 2 years ago | A good overview of useful things to look out for when working with Rails |
| Securing Rails Application from developers perspective | | | A detailed blog post on Ruby on Rails security from a developer's perspective, covering the OWASP Top 10 and other application issues with recommendations and example fix code |
| Rubyfu | | | Offensive security book for Rubyists ( ) |
| Ruby gem installations can expose you to lockfile injection attacks | | | Security blind spots of lockfile injection in the Ruby ecosystem |

Educational / Newsletters

| Name | Stars | Last commit | Description |
|---|---|---|---|
| Security for Developers | | | Newsletter catering to developers and covering many languages |

Other / Reporting Bugs

| Name | Stars | Last commit | Description |
|---|---|---|---|
| Ruby Bug Bounty Program | | | Found a bug in the Ruby language? Report it here |
| Ruby Security Updates | | | Follow the latest security announcements |