Security Tools

brakeman

Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.

Rubygem brakeman

Total Downloads: 1207915
Releases: 80
Current Version: 3.0.3
Released: 2015-04-30 00:00:00 UTC
First Release: 2010-08-27 07:00:00 UTC

Github presidentbeef/brakeman

Watchers: 2507
Forks: 195
Development activity: Less active
Last commit: 2015-05-21 12:24:11 UTC

Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your code less secure. (These statements have not been evaluated by Netexperts.) ActiveRecord extensions for sanitization are available in the `loofah-activerecord` gem (see https://github.com/flavorjones/loofah-activerecord).

Rubygem loofah

Total Downloads: 2773992
Releases: 21
Current Version: 2.0.2
Released: 2015-05-05 00:00:00 UTC
First Release: 2009-08-11 07:00:00 UTC

Github flavorjones/loofah

Watchers: 501
Forks: 60
Development activity: Less active
Last commit: 2015-05-05 20:01:21 UTC

Tarantula

Tarantula is a big fuzzy spider. It crawls your Rails 2.3 and 3.x applications, fuzzing data to see what breaks.

Rubygem tarantula

Total Downloads: 27113
Releases: 13
Current Version: 0.5.1
Released: 2013-05-24 00:00:00 UTC
First Release: 2008-09-26 04:00:00 UTC
Depending Gems: 0

Github relevance/tarantula

Watchers: 427
Forks: 32
Development activity: Inactive
Last commit: 2013-05-24 21:04:44 UTC
Contributors: 15

Xss terminate

xss_terminate is a plugin that makes stripping and sanitizing HTML stupid-simple. Install and forget. And forget about forgetting to h() your output, because you won't need to anymore.

Github look/xss_terminate

Watchers: 113
Forks: 32
Development activity: Inactive
Last commit: 2010-05-30 02:24:53 UTC
Contributors: 4

Rails xss

This plugin replaces the default ERB template handlers with erubis, and switches the behaviour to escape by default rather than requiring you to escape. This is consistent with the behaviour in Rails 3.0.

Rubygem rails_xss

Total Downloads: 57734
Releases: 10
Current Version: 0.5.1
Released: 2013-08-26 00:00:00 UTC
First Release: 2010-06-30 20:00:00 UTC
Depending Gems: 0

Github NZKoz/rails_xss

Watchers: 224
Forks: 40
Development activity: Inactive
Last commit: 2010-05-24 22:04:43 UTC
Contributors: 4

active_model_otp

Adds methods to set and authenticate against one-time passwords. Inspired by AM::SecurePassword.

Rubygem active_model_otp

Total Downloads: 59962
Releases: 6
Current Version: 1.2.0
Released: 2015-02-26 00:00:00 UTC
First Release: 2013-07-11 00:00:00 UTC
Depending Gems: 1

Github heapsource/active_model_otp

Watchers: 207
Forks: 23
Development activity: Less active
Last commit: 2015-03-26 15:30:06 UTC

Find mass assignment

Find likely mass assignment vulnerabilities

Github mhartl/find_mass_assignment

Watchers: 119
Forks: 11
Development activity: Inactive
Last commit: 2010-11-23 21:22:29 UTC
Contributors: 2

json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby

Rubygem json-jwt

Total Downloads: 93710
Releases: 42
Current Version: 1.0.0
Released: 2015-05-20 00:00:00 UTC
First Release: 2011-09-14 00:00:00 UTC

Github nov/json-jwt

Watchers: 47
Forks: 10
Development activity: Less active
Last commit: 2014-07-18 07:03:48 UTC
Contributors: 4

Param protected

Provides two class methods on ActionController::Base that filter the params hash for that controller's actions. You can think of them as the controller analog of attr_protected and attr_accessible.

Rubygem param_protected

Total Downloads: 25345
Releases: 7
Current Version: 4.0.0
Released: 2012-01-28 00:00:00 UTC
First Release: 2009-12-04 06:00:00 UTC
Depending Gems: 0

Github cjbottaro/param_protected

Watchers: 89
Forks: 12
Development activity: Inactive
Last commit: 2012-01-28 17:49:49 UTC
Contributors: 3

codesake-dawn

Codesake::Dawn is a security source code scanner for Ruby-powered code. Starting from January 07, 2015 this gem is renamed to dawnscanner and this version is no longer supported. Please upgrade your Gemfile.

Rubygem codesake-dawn

Total Downloads: 21961
Releases: 26
Current Version: 1.2.99
Released: 2015-01-07 00:00:00 UTC
First Release: 2013-05-13 00:00:00 UTC
Depending Gems: 0

Github codesake/codesake_dawn

Watchers: 29
Forks: 3
Development activity: Less active
Last commit: 2013-07-25 07:18:10 UTC
Contributors: 2

sudo_attributes

Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment.

Rubygem sudo_attributes

Total Downloads: 21491
Releases: 8
Current Version: 1.0.2
Released: 2012-02-03 00:00:00 UTC
First Release: 2010-09-29 04:00:00 UTC
Depending Gems: 0

Github beerlington/sudo_attributes

Watchers: 23
Forks: 2
Development activity: Inactive
Last commit: 2014-02-13 13:29:05 UTC
Contributors: 1

alpaca

A Rack middleware for whitelisting and blacklisting IPs.

Rubygem alpaca

Total Downloads: 6861
Releases: 7
Current Version: 1.1.5
Released: 2015-05-08 00:00:00 UTC
First Release: 2013-05-21 00:00:00 UTC
Depending Gems: 0

Github jeffchao/alpaca

Watchers: 17
Forks: 4
Development activity: Inactive
Last commit: 2015-05-08 06:40:05 UTC
Contributors: 2

shellex

Shell execution made easy and secure.

Rubygem shellex

Total Downloads: 2380
Releases: 3
Current Version: 1.0.2
Released: 2013-03-15 00:00:00 UTC
First Release: 2013-03-15 00:00:00 UTC
Depending Gems: 0

Github dsabanin/shellex

Watchers: 21
Forks: 1
Development activity: Inactive
Last commit: 2013-07-18 18:41:05 UTC
Contributors: 1

Cross site sniper

Ruby on Rails Plugin that automatically wraps html_escape() around ActiveRecord attribute methods associated with string and text fields in the database.

Github wwidea/cross_site_sniper

Watchers: 5
Forks: 1
Development activity: Inactive
Last commit: 2011-10-26 18:22:57 UTC
Contributors: 2

Audit mass assignment

Checks Ruby on Rails models for use of the attr_accessible white list.

Github ryanlowe/audit_mass_assignment

Watchers: 8
Forks: 0
Development activity: Inactive
Last commit: 2008-05-28 08:03:51 UTC
Contributors: 1