Seguranca em APP Rails
- 9. [Chart: share of attacks by layer. App 75%, Host 25%. Source: Gartner Institute]
- 13. XSS, SQL Injection, CSRF, Session, Mass Assignment, Parameters, Files, Logs
- 25. Before: upload model with a size check and a presence check only (no content-type or storage-path restriction)
  class Asset < ActiveRecord::Base
    validates_presence_of :title
    has_attached_file :document, :styles => {
      :medium => "300x300#",
      :thumb  => "50x50#"
    }
    validates_attachment_size :document, :less_than => 5.megabyte
    validates_attachment_presence :document
    default_scope :order => "created_at DESC"
  end
- 26. After: the upload is stored outside the public directory, processing errors are not raised (:whiny => false), and only the listed image content types are accepted
  class Asset < ActiveRecord::Base
    validates_presence_of :title
    # A single has_attached_file call carries all the options (the slide split
    # it into two calls, the second with a stray comma, which does not parse).
    has_attached_file :document,
      :path   => ":rails_root/uploads/:attachment/:id/:style/:style.:extension",
      :styles => {
        :medium => "300x300#",
        :thumb  => "50x50#"
      },
      :whiny  => false
    validates_attachment_size :document, :less_than => 5.megabyte
    validates_attachment_presence :document
    validates_attachment_content_type :document,
      :content_type => %w(image/jpeg image/pjpeg image/gif image/png)
    default_scope :order => "created_at DESC"
  end
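The content-type allowlist on slide 26 is only as strong as the type it is given: if that type comes from the upload request, the client chooses it. The following is an added example, not code from the slides or from Paperclip, showing the check a practitioner would add next to the model above: detect the real type from the file's leading bytes, compare it with the declared type, and reject mismatches. The helper names (`detect_image_type`, `validate_document`) and the sample inputs are constructed for this example; the allowed types and the 5 MB limit are the ones on the slide.

```ruby
# Added example (not from the slides or from Paperclip): decide the upload's type
# from its content rather than from the Content-Type the browser declared.
require 'set'

ALLOWED_TYPES = Set.new(%w(image/jpeg image/pjpeg image/gif image/png)).freeze
MAX_BYTES = 5 * 1024 * 1024  # mirrors :less_than => 5.megabyte

# Magic-number signatures for the allowed image formats (binary strings).
SIGNATURES = {
  'image/jpeg' => ["\xFF\xD8\xFF".b],
  'image/png'  => ["\x89PNG\r\n\x1A\n".b],
  'image/gif'  => ['GIF87a'.b, 'GIF89a'.b],
}.freeze

# Returns the MIME type detected from the first bytes, or nil if unknown.
def detect_image_type(bytes)
  head = bytes.b[0, 8]
  SIGNATURES.each do |mime, sigs|
    return mime if sigs.any? { |sig| head.start_with?(sig) }
  end
  nil
end

# Validates an upload the way the model above does (presence, size, allowed
# type) but trusts the content, not the declared type. Returns an array of
# error messages; an empty array means the upload is acceptable.
def validate_document(declared_type, bytes)
  errors = []
  errors << 'document must be present' if bytes.nil? || bytes.empty?
  return errors unless errors.empty?

  errors << 'document is too large' if bytes.bytesize >= MAX_BYTES
  detected = detect_image_type(bytes)
  if detected.nil? || !ALLOWED_TYPES.include?(detected)
    errors << 'document content is not an allowed image type'
  elsif !ALLOWED_TYPES.include?(declared_type)
    errors << 'declared content type is not allowed'
  elsif declared_type != detected && !(declared_type == 'image/pjpeg' && detected == 'image/jpeg')
    # image/pjpeg is the old progressive-JPEG label, so it is accepted for JPEG content
    errors << "declared type #{declared_type} does not match content (#{detected})"
  end
  errors
end

# Constructed sample inputs: a minimal PNG header, and plain text sent under an
# image content type (the case the declared-type check alone would let through).
PNG_SAMPLE = "\x89PNG\r\n\x1A\n".b + "\x00" * 16
FAKE_PNG   = 'this is not an image'.b

if __FILE__ == $0
  puts validate_document('image/png', PNG_SAMPLE).inspect
  puts validate_document('image/png', FAKE_PNG).inspect
end
```

The size and presence checks stay as on the slide; the point of the example is that `detected`, not `declared_type`, decides whether the file is an image at all.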
- 29. Devise
  Devise.setup do |config|
    config.mailer_sender = "please-change-me@config-initializers-devise.com"
    require 'devise/orm/active_record'
    # Password hashing with bcrypt plus an application-wide pepper
    config.encryptor = :bcrypt
    config.pepper = "e3b0100c8c0ef8a7f09f104de3d2827f..."
    # Sessions expire after 10 minutes without activity
    config.timeout_in = 10.minutes
    # Brute force: lock the account after 20 failed attempts, unlock by
    # e-mail link or after one hour
    config.lock_strategy = :failed_attempts
    config.maximum_attempts = 20
    config.unlock_strategy = :both # email and time
    config.unlock_in = 1.hour
  end
- 32. Log Filter
  require File.expand_path('../boot', __FILE__)
  require 'rails/all'
  Bundler.require(:default, Rails.env) if defined?(Bundler)

  module Producer
    class Application < Rails::Application
      config.autoload_paths += %W(#{config.root}/app/sweepers)
      config.i18n.default_locale = "pt-BR"
      config.encoding = "utf-8"
      # Parameters whose names match these keys are written to the log as
      # [FILTERED] instead of their value
      config.filter_parameters += [:password, :credit_card, :cnpj, :cpf]
      ...
    end
  end
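To make the effect of `config.filter_parameters` visible without a Rails application, here is an added example, written for this page and not taken from the slides or from Rails, that implements a small stand-in for the request-parameter filter: keys are matched by substring, so `password_confirmation` is masked along with `password`, and nested hashes and arrays are walked. The function names (`filter_params`, `log_line`) and the sample request are constructed for the example; the key list is the one on slide 32.

```ruby
# Added example (not from the slides or from Rails): a minimal parameter filter
# with the same key list as config.filter_parameters on slide 32.
FILTERED_KEYS = [:password, :credit_card, :cnpj, :cpf].freeze
FILTERED = '[FILTERED]'.freeze

# True when the key contains any filter entry (case-insensitive substring match),
# so :password also covers password_confirmation and old_password.
def filtered_key?(key, filters = FILTERED_KEYS)
  name = key.to_s.downcase
  filters.any? { |f| name.include?(f.to_s.downcase) }
end

# Returns a copy of params with the values of matching keys replaced. A matching
# key masks its whole value, even when that value is itself a hash (credit_card
# below), so no nested field of a sensitive object leaks.
def filter_params(params, filters = FILTERED_KEYS)
  case params
  when Hash
    params.each_with_object({}) do |(k, v), out|
      out[k] = filtered_key?(k, filters) ? FILTERED : filter_params(v, filters)
    end
  when Array
    params.map { |v| filter_params(v, filters) }
  else
    params
  end
end

# The one-line entry a request logger would write, built from filtered params.
def log_line(controller, action, params)
  "Processing #{controller}##{action} with parameters #{filter_params(params).inspect}"
end

# Constructed sample request (values are made up for the example)
SAMPLE_PARAMS = {
  'user' => {
    'email' => 'ana@example.com',
    'password' => 'hunter2',
    'password_confirmation' => 'hunter2',
    'cpf' => '123.456.789-00'
  },
  'order' => { 'credit_card' => { 'number' => '4111111111111111', 'expiry' => '12/30' } },
  'commit' => 'Save'
}

if __FILE__ == $0
  puts log_line('UsersController', 'create', SAMPLE_PARAMS)
end
```

Filtering happens at logging time only; the controller still receives the real values. Keys like `cnpj` and `cpf` are worth listing because they are personal identifiers that would otherwise sit in plain text in every request log.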
- 33. Parameters
  # Looks up any project by id: the only check is that the row exists
  @project = Project.find(params[:id])
  # Looks up the project through the logged-in user's association: a project
  # that belongs to someone else is not found at all
  @project = current_user.projects.find(params[:id])
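The two lookups on slide 33 differ in what happens when a user supplies another user's project id. The following added example, which is not code from the slides and uses an in-memory store instead of ActiveRecord so it runs without Rails, models both lookups and a controller-style action that uses them. The names (`find_project`, `find_project_for`, `show_project`) and the two users and projects are constructed for the example.

```ruby
# Added example (not from the slides): global lookup vs lookup scoped to the
# current user, modelled with plain Ruby objects.
class NotFound < StandardError; end

Project = Struct.new(:id, :owner_id, :name)
User = Struct.new(:id, :name)

# Constructed data: two users, each owning one project
PROJECTS = [Project.new(1, 10, 'alpha'), Project.new(2, 20, 'beta')].freeze
ALICE = User.new(10, 'alice')
BOB = User.new(20, 'bob')

# Global lookup, like Project.find(params[:id]): only existence is checked.
def find_project(id)
  PROJECTS.find { |p| p.id == id.to_i } or raise NotFound, "project #{id}"
end

# Scoped lookup, like current_user.projects.find(params[:id]): the search is
# restricted to the caller's own rows, so other users' ids are simply absent.
def find_project_for(user, id)
  user_projects = PROJECTS.select { |p| p.owner_id == user.id }
  user_projects.find { |p| p.id == id.to_i } or raise NotFound, "project #{id}"
end

# Controller-style action. Returns the outcome as a plain hash so the two
# behaviours can be compared; a missing project becomes a 404 either way.
def show_project(user, params, scoped: true)
  project = scoped ? find_project_for(user, params[:id]) : find_project(params[:id])
  { status: 200, name: project.name }
rescue NotFound
  { status: 404 }
end

if __FILE__ == $0
  # Alice asks for Bob's project (id 2) through each lookup
  puts show_project(ALICE, { id: '2' }, scoped: false).inspect
  puts show_project(ALICE, { id: '2' }, scoped: true).inspect
end
```

The scoped form needs no separate authorization branch in the action: ownership is part of the query, so forgetting the check in one action is not possible for lookups built this way.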
- 34. Checklist (open items)
  ☐ Mass Assign.   ☐ Brute Force
  ☐ Parameters     ☐ Spam
  ☐ SQL Inject.    ☐ Log
  ☐ XSS            ☐ Session
  ☐ CSRF
  ☐ File System
- 35. Checklist (items covered)
  ☑ Mass Assign.   ☑ Brute Force
  ☑ Parameters     ☑ Spam
  ☑ SQL Inject.    ☑ Log
  ☑ XSS
  ☑ CSRF
  ☑ File System
- 37. • SSL
  • Cryptography
  • Automated Protection
  • Pen. Testing
  • Keep up to date