Security Matters!

Security Based Development is a fundamental part of our development process. Our job is to Protect You, and Your Customers, from Harm.

About Rietta's Development Services

As a technology firm, we focus our efforts on serving your needs as a partner. We ask a lot of questions and are quick to tell you if we would not be the best fit for your project. Our team of passionate programmers and thinkers does things a little differently.

Our Information Security experts are available to:

  • Audit your Rails application for common vulnerabilities, including:
    • Mass Assignment Attacks
    • Dangerous User Supplied Input Handling
    • Cross Site Scripting
    • Code Injection
    • Controller Access Control Rules
  • Review your technical security controls that are required by applicable regulations
    • PCI-DSS (Credit Card)
    • HIPAA (Medical Data)
    • Other laws or regulations as identified as applicable by your legal counsel
  • Run basic automated scans against a sandbox/test environment
    • W3AF (Web Application Attack and Audit Framework) on BackTrack Linux
    • Brakeman
    • Other tools as appropriate for your environment
  • Work with your existing www.github.com or www.bitbucket.org hosted source repository

Security is Very Important!

Web applications are among the largest unprotected attack surfaces and the frequency of attack is increasing. Traditional network firewalls do little to prevent attacks against a vulnerable application. Even today, many web applications are susceptible to classic SQL injection, cross-site scripting (XSS) attacks, and other major attacks.

USA-based Team

We are a USA-based team with significant computer science and production server experience.

Relevant Experience

Security reviews are performed by highly qualified consultants with experience in building and securing web applications.

Note: Our team members are technical information security experts, not lawyers. While we do review your written information security policies to see how your technical security controls align with your stated obligations, we do not provide legal advice.


We can review your infrastructure for many common security vulnerabilities

We systematically go through Ruby on Rails code looking for security vulnerabilities from the OWASP Top 10 list. The top errors that are frequently seen in web applications are:

For each vulnerability, its description and the consequence of leaving it unfixed:

  • SQL injection
    • Description: Unvalidated user input can manipulate database queries.
    • Consequence: Data Breach; Identity Theft
  • Cross Site Scripting (XSS)
    • Description: Malicious content can be introduced to a system such that end-users’ computers may become exploited by malware or social engineering attacks.
    • Consequence: End-User System or Data Compromise
  • Session management / validation errors
    • Description: For example, if user 500 can pull up a record belonging to user 300 then the authentication is broken. This often happens when the developers inaccurately assumed that no user modifies hidden form variables or session cookies.
    • Consequence: Data Breach; Identity Theft
  • Insecure Cryptographic Storage
    • Description: Passwords stored in plain text. Data encrypted to a private encryption key that is stored in the same database, etc.
    • Consequence: Data Breach; Identity Theft
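The session management / validation error above (user 500 pulling up user 300's record via a hidden form variable) and the mass assignment problem from the Rails audit list share a root cause: the application trusts request data it should have checked against the current user. The following is an added example written for this page, not Rietta's code or a Rails library API; it models both mistakes in plain Ruby with a constructed in-memory "table" (Invoice, INVOICES, and the PERMITTED allowlist are all assumed names) and places each vulnerable lookup or assignment next to its safe form.

```ruby
# Added example (not Rietta's code): plain-Ruby model of two Rails mistakes,
# an unscoped record lookup and unfiltered mass assignment, each beside the
# safe version. Struct, record values and names are constructed for illustration.
require 'set'

Invoice = Struct.new(:id, :owner_id, :amount, :paid)

# Constructed in-memory "table" standing in for an ActiveRecord model.
INVOICES = [
  Invoice.new(1, 300, 120.0, false),
  Invoice.new(2, 500, 80.0, false),
].freeze

# VULNERABLE: trusts the id from the request (hidden field, URL parameter)
# and never checks who owns the row, so any logged-in user can read any invoice.
def find_invoice_unscoped(invoice_id)
  INVOICES.find { |inv| inv.id == invoice_id }
end

# SAFE: scope the lookup to the current user, as current_user.invoices.find(id)
# would in Rails. Returns nil when the record exists but belongs to someone
# else; the controller turns that into a 404 or 403 rather than a leak.
def find_invoice_for(current_user_id, invoice_id)
  INVOICES.find { |inv| inv.id == invoice_id && inv.owner_id == current_user_id }
end

# Attributes a client may legitimately set. Everything else submitted
# (owner_id, paid) is dropped, mirroring strong parameters' permit list.
PERMITTED = Set['amount'].freeze

# VULNERABLE: copies every submitted key that matches a column onto the
# record, so a client can flip paid=true or reassign owner_id.
def mass_assign_unfiltered(invoice, params)
  params.each { |k, v| invoice[k.to_sym] = v if invoice.members.include?(k.to_sym) }
  invoice
end

# SAFE: only allowlisted keys are applied. Rejected keys are returned so the
# caller can log them, since unexpected keys are a useful tampering signal.
def mass_assign_permitted(invoice, params)
  rejected = params.keys.reject { |k| PERMITTED.include?(k) }
  params.each { |k, v| invoice[k.to_sym] = v if PERMITTED.include?(k) }
  [invoice, rejected]
end

if __FILE__ == $PROGRAM_NAME
  # User 500 requests invoice 1, which belongs to user 300.
  p find_invoice_unscoped(1)   # leaks user 300's invoice
  p find_invoice_for(500, 1)   # nil: denied
  tampered = { 'amount' => 1.0, 'paid' => true, 'owner_id' => 500 }
  p mass_assign_unfiltered(Invoice.new(3, 300, 50.0, false), tampered)
  p mass_assign_permitted(Invoice.new(3, 300, 50.0, false), tampered)
end
```

The design point is that the safe forms never consult a "trusted" id or attribute list supplied by the client: ownership comes from the authenticated session, and the attribute allowlist lives in server code. In a Rails application the same shape appears as `current_user.invoices.find(params[:id])` and `params.require(:invoice).permit(:amount)`.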

boost your development workflow

partnering with Rietta, Inc. is an investment in your success

Let's Talk About Your Project!