Submitted by Kevin on Tue 20-05-2014, 19.01
At IADA we often use the Ruby on Rails web framework for developing more complex web applications. Ruby on Rails, like any other web framework, eases the development of these applications, usually by providing many common functionalities that developers can put to use directly. Some of these are security functionalities that help protect the application against common web attacks, such as SQL injection and Cross-Site Scripting (XSS). However, the question that now arises is whether these web frameworks and the protection mechanisms they offer are secure themselves. I developed a methodology to analyse the security of (arbitrary) web frameworks, as part of my master's thesis research.