Rails Security Audit


Relevance's Rails Security Audit consists of five phases:

  • Source Code Audit: We review your source code and identify vulnerabilities to test in subsequent phases. Key areas include input sanitization, SQL queries and sensitive data storage.
  • XSS Audit: We test all endpoints exposed by the application to verify that scripts cannot be injected into the application. This reduces the risk of Cross-Site Scripting (XSS), which can expose sensitive customer data, violate privacy, and lead to further compromises.
  • SQL Injection Audit: We test all endpoints exposed by the application to verify that SQL cannot be injected into the database. An SQL injection attack can expose sensitive data and corrupt the database.
  • Fuzzing Audit: We crawl and index the application for fuzzing vulnerabilities. Fuzzing is an automated attack that bombards an entire application with bad data and verifies that the application responds appropriately.
  • Deployment Stack Audit: We test your production environment, examining key elements such as the operating system, web server and applicable databases.

We generally fix a number of vulnerabilities during the Audit. At the end of the Audit you will receive a detailed report of these fixes, plus any application vulnerabilities that you need to fix.

Pricing varies depending on the size and technical debt of your project. We can typically complete an Audit within a week of the initial meeting.

Please contact us for more information.