Security Guide

CSRF (Cross-Site Request Forgery)

SQL Injection

Todo: SQL Injection Cheat-sheet

• http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Mass Assignment

XSS Attacks (Cross-Site Scripting)

Cryptography

• SSL
• Password Salts
• API Key generation
• Session Key/Secret

Cryptographic Hashes

Used for data integrity.

SHA-2 Hash (Secure Hash Algorithm)

@todo: Pseudocode + LaTeX math demonstrating how this algorithm works.

• http://en.wikipedia.org/wiki/SHA-2
• http://www.movable-type.co.uk/scripts/sha256.html

MD5 Hash

Cryptographic function that produces a 128-bit (16-byte) hash value, typically expressed as a 32-integer hexadecimal number.

A few flaws have been found with this hash.

• http://en.wikipedia.org/wiki/Md5

Resources

• http://guides.rubyonrails.org/security.html
• http://en.wikipedia.org/wiki/Transport_Layer_Security
• http://en.wikipedia.org/wiki/Federal_Information_Processing_Standard