Atlanta Ruby on Rails Development Services Where Security Matters by Rietta

Security Matters!

Information Security is a fundamental part of the development process. Its job is to Protect You, and Your Customers, from Harm.

About the Rietta Ruby Development Team

As a technology firm, we focus our efforts to serve your needs as a partner. We ask a lot of questions and are quick to tell you if we would not be the best fit for your project. Our team of passionate programmers and thinkers do things a little differently.

  • Home /
  • Security Service

Our Information Security experts are available to

When you need a professional review of your Ruby on Rails application's security, we're able to help!

  • Audit your Rails application for common vulnerabilities, including:
    • Mass Assignment Attacks
    • Dangerous User Supplied Input Handling
    • Cross Site Scripting
    • Code Injection
    • Controller Access Control Rules
  • Review your technical security controls that are required by applicable regulations
    • PCI-DSS (Credit Card)
    • HIPAA (Medical Data)
    • Other laws or regulations as identified as applicable by your legal counsel
  • Run basic automated scans against a sandbox/test environment
    • W3AF (Web Application Attack and Audit Framework) on BackTracks Linux
    • Brakeman
    • Other tools as appropriate for your environment
  • Work with your existing www.github.com or www.bitbucket.org hosted source repository

Note: Our team members are technical information security experts, not lawyers. While we do review your written information security policies to see how your technical security controls align with your stated obligations, we do not provide legal advice.

Review your infrastructure for most common security vulnerabilities

We Systematically go through backend Ruby on Rails code looking for security vulnerabilities from the OWASP Top 10 list. The top errors that are frequently seen in web applications are:

Vulnerability Description Consequence
SQL injection Unvalidated user input can manipulate database queries. Data Breach; Identity Theft
Cross Site Scripting (XSS) Malicious content can be introduced to a system such that end-users’ computers may become exploited by malware or social engineering attacks. End-User System or Data Compromise
Session management / validation errors For example, if user 500 can pull up a record belonging to user 300 then the authentication is broken. This often happens when the developers inaccurately assumed that no user modifies hidden form variables or session cookies. Data Breach; Identity Theft
Insecure Cryptographic Storage Passwords stored in plain text. Data encrypted to a private encryption key that is stored in the same database, etc. Data Breach; Identity Theft

Security is Very Important!

Web applications are among the largest unprotected attack surfaces and the frequency of attack is increasing. Traditional network firewalls do little to prevent attacks against a vulnerable application. Even today, many web applications are susceptible to classic SQL injection, cross-site scripting (XSS) attacks, and other major attacks.

USA-based Team

We are a USA-based team with significant computer science and production server experience.

Relevant Experience

Security reviews are performed by highly qualified consultants with experience in building and securing web applications.

responsive

boost your development workflow

partnering with our American development team is an investment in your success

Start Discussion on Your Project Plan