What you'll learn

Understanding how to secure web applications is essential for any Rails developer. In this course, Ruby on Rails 7 Security and Performance, you'll work through the best practices for securing Ruby on Rails applications, ensuring the confidentiality, integrity, and availability of user data.

Starting with the essentials of password security, this course delves into the cryptographic principles that ensure secure password storage, such as hashing and salting, and how Rails seamlessly integrates these mechanisms through the use of the Devise gem - an industry standard - for robust user authentication.

As we progress, you'll gain expertise in managing user sessions in Rails, utilizing encrypted cookies and authenticity tokens to prevent session hijacking and fixation attacks, while also exploring the responsible use of flash messages to securely provide user feedback without exposing sensitive information.

Finally, the course addresses the critical threat of Cross-site Request Forgery (CSRF) by teaching the implementation of authenticity tokens in Rails applications, alongside strategies for effectively automating error messages to protect the app and inform users. Upon completion of the course, you’ll be prepared to implement these security solutions in a production rails application.