From Rails Security to Application Security

14:30–15:15, Thursday, 4 September 2008
Location: Saal Maritim C Level: Intermediate
Average rating: 3.07 (14 ratings)

Much has been said about Rails security in the sense of protecting
Rails deployments against a range of known attacks. However,
preventing technical vulnerabilities does not mean that your Rails
application is actually secure: each application has its own
security objectives, and they are as hard for a developer to discover
as its other domain-specific requirements.

When classical security engineering is used to acquire the security
requirements, the resulting security model can turn into a
straitjacket and harm the application's overall usability. In
essence, an intrusion of waterfall thinking forfeits the advantages of
agile web development and the Rails framework in this area. Worse,
disappointing user acceptance can lead to premature project

In this talk, we discuss approaches to eliciting the actual security
requirements of a Rails application in a small-to-medium enterprise,
and how to map these requirements onto actionable elements of a Rails

Carsten Bormann

Universität Bremen, TZI

Carsten Bormann, honorary professor (Honorarprofessor) for Internet technology at the Universität Bremen, is a protocol designer at heart, a standardization geek by necessity, and the author of the first German-language book on AJAX.

Carsten regularly teaches on agile web development, Rails, and AJAX topics.


Steffen Bartsch

TZI, Universität Bremen

Steffen Bartsch is a researcher at TZI, Universität Bremen, currently involved in security- and Rails-related research projects with small businesses.

RailsConf Europe 2008, co-presented by Ruby Central, Inc. and O'Reilly
  • Engine Yard
  • Sun Microsystems
  • Brightbox
  • ELC Technologies
  • T3N
