GuardRails: A Nearly Painless Solution to Insecure Web Applications, presented at OWASP AppSec 2010

by Anonymous Speaker

Tags: Web Application Security

URL: http://www.owasp.org/index.php/GuardRails:_A_Nearly_Painless_Solution_to_Insecure_Web_Applications

Summary: With web applications continuing to grow in popularity and frameworks becoming simpler to use, creating a web application is easier than ever. While building an application may be straightforward, ensuring that it is secure requires both a deep understanding of subtle security vulnerabilities and tedious, careful insertion of security checks. We propose GuardRails, a source-to-source tool for Ruby on Rails applications that adds extra layers of security to web applications with only minimal effort from the developer. GuardRails works by attaching security policies to the data itself. These policies are automatically enforced throughout the application, without the need for the developer to write large amounts of code. Our system helps protect against a variety of security vulnerabilities, from Cross-Site Scripting to faulty access controls, without requiring the developer to have a sophisticated knowledge of web security.