pxlpnk / Awesome Ruby Security
Awesome Ruby Security resources
Stars: ✭ 360
Programming Languages
ruby
36898 projects - #4 most used programming language
Projects that are alternatives of or similar to Awesome Ruby Security
Envizon
network visualization & vulnerability management/reporting
Stars: ✭ 382 (+6.11%)
Mutual labels: ruby-on-rails, security-tools
Huskyci
Performing security tests inside your CI
Stars: ✭ 398 (+10.56%)
Mutual labels: ruby-on-rails, security-tools
Hackertarget
🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯
Stars: ✭ 320 (-11.11%)
Mutual labels: security-tools
Syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+966.94%)
Mutual labels: security-tools
Pupilfirst
A learning management system (LMS) that lets you run an asynchronous online school, where learning is achieved through focused tasks, directed feedback, an iterative workflow, and community interaction.
Stars: ✭ 357 (-0.83%)
Mutual labels: ruby-on-rails
Raptor
Web-based Source Code Vulnerability Scanner
Stars: ✭ 314 (-12.78%)
Mutual labels: security-tools
Koala
A lightweight Facebook library supporting the Graph, Marketing, and Atlas APIs, realtime updates, test users, and OAuth.
Stars: ✭ 3,506 (+873.89%)
Mutual labels: ruby-on-rails
Ssh Mitm
ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-6.94%)
Mutual labels: security-tools
Code fund ads
CodeFund is an open source platform that helps fund maintainers, bloggers, and builders through non-tracking ethical ads
Stars: ✭ 339 (-5.83%)
Mutual labels: ruby-on-rails
Reconnote
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: ✭ 322 (-10.56%)
Mutual labels: security-tools
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-5.56%)
Mutual labels: security-tools
Pentester Fully Automatic Scanner
DNS Subdomain● Brute force ● Web Spider ● Nmap Scan ● etc
Stars: ✭ 315 (-12.5%)
Mutual labels: security-tools
Rails performance
Monitor performance of you Rails applications
Stars: ✭ 345 (-4.17%)
Mutual labels: ruby-on-rails
Htrace.sh
My simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+862.5%)
Mutual labels: security-tools
A curated list of awesome Ruby Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
- secure-headers - Manages application of security headers with many safe defaults.
- Rack::Attack - Middleware for blocking and throttling requests.
Multi tools
- hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.
Static Code Analysis
- brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
- rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
- dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
- git-secrets - Prevents you from committing secrets and credentials into git repositories.
- DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
- ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
- rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
Vulnerabilities and Security Advisories
- bundler-audit - Patch-level verification for Ruby apps.
- ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
Educational
Hacking Playground
- RailsGoat - A vulnerable version of Rails that follows the OWASP Top 10 http://railsgoat.cktricky.com .
- DeleteMe - Educational insecure Rails application.
Articles & Guides
- Rails Security Guides - The essentials to read when dealing with Rails Applications.
- Securing Ruby and Rails Apps - Applying static code analysis and dependency checking in your CI/CD pipeline.
- OWASP Ruby on Rails Cheatsheet - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.
- Rails security checklist - 🔑 Community-driven Rails Security Checklist.
- Attacking Ruby on Rails Applications - Phrack article by joernchen on finding security vulnerabilities in Rails applications.
- Zen Rails Security Checklist - A well-documented Rails security checklist.
- Rails security best practices - A good overview of usefull things to look out for when working with Rails.
Newsletters
- Security for Developers - Newsletter catering towards developers and covering many languages.
Other
Reporting Bugs
- Ruby Bug Bounty Program - Found a bug in the Ruby language? Report it there.
- Ruby Security Updates - Follow the latest security announcements.
Contributing
Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!
say hi on Twitter
License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].