我开发了一个Rails站点,我的公司将使用该站点供所有员工内部使用。 它已经准备好上线了,但我想确保它足够安全,能够面对大而糟糕的外部世界。 所以我想尝试破解它来测试网站的安全性。 这有什么好的起点? 你知道有什么好的教程或技巧吗?
I have developed a Rails site which will be used by my company for internal use by all employees. It is ready to go live, but I want to make sure it is secure enough to face the big, bad outside world. So I want to test the security of the site by trying to hack it. What are good starting points for this? Are there any good tutorials or tips you know?
最满意答案
我喜欢使用制动器宝石在Rails应用程序上执行漏洞扫描。 查看“Open Web Application Security Project”以获取有关Web应用程序安全性的最新信息。
至于自我攻击,即“笔测试”,如果安全对您来说非常重要,那么最好将其留给安全社区以产生有意义的结果。 无论哪种方式,你仍然可以尝试自己测试。
一些很棒的资源:Google Gruyere OWASP WebGoat Burp Suite (Burp Suite可能是我最喜欢的)OWASP rails安全指南(也是结帐OWASP十大名单)黑客Dojo .com网站和他们的Live CD for pentesting这个网站Tweeter博客很有趣(由于声誉,我无法发布许多链接)但....允许您尝试在易受攻击的应用上执行SQL注入。 但我不确定它今天有多相关。
I like the brakeman gem for performing vulnerability scanning on Rails apps. Check out 'The Open Web Application Security Project' for current information about web app security.
As far as hacking yourself, aka 'pen testing', if security is of great importance to you, you're probably best off leaving it to security community to yield meaningful results. Either way, you can still try and test yourself.
Some great resources: Google Gruyere OWASP WebGoat Burp Suite (Burp Suite is probably my favorite) OWASP rails security guide(Also checkout OWASP Top 10 list) Hacking Dojo .com website and their Live CDs for pentesting This site Tweeter blog was a lot of fun ( I cant post many links due to reputation) but....allows you to try and perform SQL injection on a vulnerable app. I'm not sure how relevant it is today however.
更多推荐
发布评论