With web applications continuing to grow in popularity and frameworks becoming simpler to use, creating a web application is easier than ever. While building an application may be straightforward, ensuring that it is secure requires both a deep understanding of subtle security vulnerabilities as well as tedious and careful insertion of security checks. We propose GuardRails, a source-to-source tool for Ruby on Rails applications that adds extra layers of security to web applications with only minimal effort from the developer. GuardRails works by attaching security policies to the data itself. These policies are automatically enforced throughout the application, without the need for the developer to write large amounts of code. Our system helps prevent against a variety of security vulnerabilities from Cross-Site Scripting to faulty access controls without requiring the developer to have a sophisticated knowledge of web security.
Speaker bio will be posted shortly.