Relevance Launches Service to Provide Unsurpassed Insight into Rails Application Security Vulnerabilities

Relevance, Inc., a leading Ruby on Rails software development practice specializing in application product development, training and consulting today announced the launch of its Rails Security Audit.

This industry-first service focuses on helping enterprise companies identify security vulnerabilities in Rails applications. Relevance's audit team is comprised of senior Rails professionals with strong backgrounds in security testing and risk management consulting.

Relevance's Rails Security Audit is comprised of five comprehensive phases:

  • Source Code Audit: Review of the application's source code and identification of vulnerabilities to test in subsequent phases. Key elements include reviewing input sanitization, SQL querying, and sensitive data storage.
  • XSS Audit: Test of all endpoints exposed by the application to verify that scripts cannot be injected into the application. This reduces the risk of Cross-Site Scripting (XSS), which can expose sensitive customer data, violate privacy, and lead to further compromises.
  • SQL Injection Audit: Test of all endpoints exposed by the application to verify that SQL cannot be injected into the database. A SQL injection attack can expose sensitive data and corrupt the database.
  • Fuzzing Audit: Crawl and index the application for fuzzing vulnerabilities. Fuzzing is an automated attack, which bombards an entire application with bad data and verifies that the application responds appropriately.
  • Deployment Stack Audit: Test of the production environment and examination of key elements such as the operating system, web server, and applicable databases.

The Rails Security Audit is generally completed in one week and pricing is based on the size of the project and the amount of technical debt. A customized quote is produced after members of the Relevance team meet with prospective clients. Each audit provides enterprises with a detailed report summarizing vulnerabilities as well as outlining fixes.

In conjunction with the launch of the new service, Relevance has released its Tarantula tool to the open-source community. Tarantula crawls Rails applications and identifies data breaks that are vulnerable to fuzzing.

"At Relevance, we have a deep understanding of secure programming principles as well as the capability to keep up with changes to the platform, which is particularly important in the constantly evolving Rails space. This unique perspective gives us the ability to identify soft spots in enterprise applications and provide insight on how to fix them," said Justin Gehtland, president and co-founder of Relevance.

To learn more about Rails security, Relevance Security Audit team member Aaron Bedra has written a [PDF book]( "Rails Security Audit PDF PeepCode Screencasts for Ruby on Rails Developers") on the subject. The ebook is available exclusively at PeepCode, publisher of timely, affordable training materials for Ruby on Rails developers.

About Relevance, Inc.

Relevance, Inc. is a leading Ruby on Rails enterprise application development practice, specializing in software development, consulting and training. Relevance's staff of veteran application developers, who on average possess 13 years industry experience, ensures enterprise customers receive the highest quality standards for predictable, rapid application development. Relevance professionals have trained internal IT staffs at SAS, BBC, ThoughtWorks, AOL, IBM, Sun Microsystems and many other companies. The company has followed a proven agile methodology since its inception and actively contributes to the open source community via a wide range of projects and developer tools. Relevance was founded by veteran software developers Stuart Halloway and Justin Gehtland in 2003.

Get In Touch