Latest Screencasts (page 2)
Storing Encrypted Data Securely using Active Record
Teach Me To Code - 2009-09-29 - free
Learn how to save data such as bank information, social security numbers, or other sensitive information in your Rails application securely by encrypting the data. By using spikex’s gem Strongbox, you can use private and public keys to secure the data in your database so that the password is required to decrypt it. Download [...]
RailsCasts #178 7 Security Tips
Railscasts - 2009-09-07 - free
Security is important! Here I show seven different security flaws which are common to Rails applications ranging from mass assignment to CSRF protection.
RailsCasts #143 PayPal Security
Railscasts - 2009-01-05 - free
This episode shows how to encrypt the variables passed to PayPal and verify the authenticity of the payment notifications (IPN).
Rails Security Audit PDF
Peepcode - 2008-05-28 - paid
By Aaron Bedra of Relevance. No one wants to wake up to an application that has been hacked. This 47-page PDF talks about common vulnerabilities found in Rails applications and how to solve them. After touching on common model and view vulnerabilities, Aaron takes you through a session with the...
RailsCasts #65 Stopping Spam with Akismet
Railscasts - 2007-08-06 - free
The Railscasts site has been getting a lot of comment spam in the past, but no longer. In this episode I will show you how I solved this problem by using the Akismet web service.
RailsCasts #27 Cross Site Scripting
Railscasts - 2007-05-04 - free
Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit.
RailsCasts #26 Hackers Love Mass Assignment
Railscasts - 2007-05-02 - free
Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its associations. See how a hacker might use this vulnerability and learn how to stop it in this episode.
RailsCasts #25 SQL Injection
Railscasts - 2007-04-30 - free
One of the most common security problems for dynamic sites is SQL Injection. Thankfully Rails does everything it can in solving this issue, but you still need to be aware of it.
RailsCasts #20 Restricting Access
Railscasts - 2007-04-18 - free
In this second part of the series on administration, you will learn how to lock down the site to keep the public from accessing the administration features.
RailsCasts #9 Filtering Sensitive Logs
Railscasts - 2007-03-23 - free
Are you accepting sensitive user data? Passwords, credit card numbers, etc. By default, Rails stores all submitted parameters in plain text in the logs. This episode will show you how to filter this sensitive input so it doesn't show up in the log file.