The Ruby Toolbox - Know your options!

loofah

13.68
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization (XSS prevention): its HTML scrubbers are based on html5lib's whitelist of elements and attributes, so it most likely won't make your code less secure. (These statements have not been evaluated by Netexperts.) ActiveRecord extensions for sanitization are available in the `loofah-activerecord` gem (see https://github.com/flavorjones/loofah-activerecord).
 Popularity
Downloads
58,137,441
Stars
650
Forks
91
Watchers
19
 Releases
Total releases
26
First release
Latest release

brakeman

4.19
Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
 Popularity
Downloads
9,234,440
Stars
4,629
Forks
461
Watchers
178
 Releases
Total releases
111
First release
Latest release

active_model_otp

0.27
Adds methods to set and authenticate against one-time passwords. Inspired by AM::SecurePassword (ActiveModel::SecurePassword).
 Popularity
Downloads
460,180
Stars
380
Forks
33
Watchers
16
 Releases
Total releases
6
First release
Latest release
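The one-time password scheme active_model_otp implements is RFC 4226 HOTP and RFC 6238 TOTP. The following is an added example written for this page, using only Ruby's standard library; it is not active_model_otp's API, and the names hotp, totp, verify_totp and secure_compare are this example's own. It shows the two details an authenticator gets wrong most often: comparing codes in constant time, and accepting a small clock-drift window without allowing a code to be replayed.

```ruby
require "openssl"

# Added example (stdlib only), not active_model_otp's API: RFC 4226 HOTP and
# RFC 6238 TOTP, plus the verification step. Method names are this example's own.

# Compare two codes in constant time so the number of matching leading
# digits cannot be inferred from response timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# HOTP(K, C): HMAC-SHA1 over the 8-byte big-endian counter, dynamic
# truncation to 31 bits, then mod 10^digits, zero-padded on the left.
def hotp(secret, counter, digits: 6)
  hmac   = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
  offset = hmac.getbyte(19) & 0x0f
  code   = (hmac.getbyte(offset) & 0x7f) << 24 |
           hmac.getbyte(offset + 1) << 16 |
           hmac.getbyte(offset + 2) << 8 |
           hmac.getbyte(offset + 3)
  (code % 10**digits).to_s.rjust(digits, "0")
end

# TOTP is HOTP with the counter derived from wall-clock time.
def totp(secret, at: Time.now.to_i, step: 30, digits: 6)
  hotp(secret, at / step, digits: digits)
end

# Accept the current time step and +/- `drift` neighbours (clock skew), but
# never a step at or before `last_counter`, which blocks replay of a code the
# server already accepted. Returns the matched counter (store it as the new
# last_counter) or nil on failure.
def verify_totp(secret, code, at: Time.now.to_i, step: 30, digits: 6, drift: 1, last_counter: nil)
  base = at / step
  (-drift..drift).each do |d|
    counter = base + d
    next if last_counter && counter <= last_counter
    return counter if secure_compare(hotp(secret, counter, digits: digits), code.to_s)
  end
  nil
end

# Test key from RFC 4226 / RFC 6238 Appendix B (a published vector, not a real secret).
RFC_SECRET = "12345678901234567890"

if __FILE__ == $0
  puts hotp(RFC_SECRET, 0)                                   # => "755224"
  puts totp(RFC_SECRET, at: 59, digits: 8)                   # => "94287082"
  p verify_totp(RFC_SECRET, "94287082", at: 89, digits: 8)   # => 1 (previous step, within drift)
end
```

In a real deployment the secret is stored per user, the returned counter is persisted as that user's last accepted step, and a failed verification is rate-limited, since a six-digit code with a three-step window has only a million possible values.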

codesake-dawn

0.25
Codesake::Dawn is a security source code scanner for Ruby-powered code. As of January 7, 2015 this gem has been renamed dawnscanner and this version is no longer supported; please update your Gemfile.
 Popularity
Downloads
49,657
Stars
512
Forks
57
Watchers
32

tarantula

0.19
Tarantula is a big fuzzy spider. It crawls your Rails 2.3 and 3.x applications, fuzzing data to see what breaks.
 Popularity
Downloads
36,987
Stars
450
Forks
34
Watchers
37

look/xss_terminate

0.16
xss_terminate is a plugin that makes stripping and sanitizing HTML stupid-simple. Install and forget. And forget about forgetting to h() your output, because you won't need to anymore.
 Popularity
Stars
112
Forks
32
Watchers
3

mhartl/find_mass_assignment

0.1
Find likely mass assignment vulnerabilities
 Popularity
Stars
117
Forks
11
Watchers
2

param_protected

0.05
Provides two class methods on ActionController::Base that filter the params hash for that controller's actions. You can think of them as the controller analog of attr_protected and attr_accessible.
 Popularity
Downloads
30,714
Stars
88
Forks
12
Watchers
3

rails_xss

0.03
This plugin replaces the default ERB template handlers with erubis, and switches the behaviour to escape by default rather than requiring you to escape. This is consistent with the behaviour in Rails 3.0.
 Popularity
Downloads
92,328
Stars
4
Forks
4
Watchers
1

sudo_attributes

0.02
Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment
 Popularity
Downloads
44,524
Stars
22
Forks
2
Watchers
1

alpaca

0.02
A rack middleware for whitelisting and blacklisting IPs
 Popularity
Downloads
13,588
Stars
20
Forks
4
Watchers
4
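An IP allow/deny middleware of the kind alpaca provides is a few lines of Rack, but the part that decides whether it is a security control or a bypassable one is which address it trusts. The example below is added for this page and is not alpaca's code: a Rack-style middleware (a plain object with `call(env)`, so it runs without the rack gem) that checks the client IP against CIDR lists with the stdlib IPAddr class. It reads REMOTE_ADDR, the actual TCP peer, and consults X-Forwarded-For only when that peer is a configured trusted proxy. Class and option names are this example's own.

```ruby
require "ipaddr"

# Added example, not alpaca's code. Rack-compatible IP allow/deny filter.
class IpFilter
  # allow: CIDRs that may pass (empty = everyone not denied)
  # deny:  CIDRs that are always refused, checked before allow
  # trusted_proxies: peers whose X-Forwarded-For header may be believed
  def initialize(app, allow: [], deny: [], trusted_proxies: [])
    @app             = app
    @allow           = allow.map { |c| IPAddr.new(c) }
    @deny            = deny.map  { |c| IPAddr.new(c) }
    @trusted_proxies = trusted_proxies.map { |c| IPAddr.new(c) }
  end

  def call(env)
    ip = client_ip(env)
    return forbidden if ip.nil?                               # unparseable address: fail closed
    return forbidden if @deny.any? { |net| net.include?(ip) }
    return forbidden if !@allow.empty? && @allow.none? { |net| net.include?(ip) }
    @app.call(env)
  end

  private

  # REMOTE_ADDR is the TCP peer and cannot be set by the client. X-Forwarded-For
  # is client-controlled unless the peer is a proxy we trust; in that case the
  # rightmost entry is the one that proxy appended, so it is the one we use.
  def client_ip(env)
    peer = IPAddr.new(env["REMOTE_ADDR"].to_s)
    return peer unless @trusted_proxies.any? { |net| net.include?(peer) }
    forwarded = env["HTTP_X_FORWARDED_FOR"].to_s.split(",").map(&:strip).reject(&:empty?)
    forwarded.empty? ? peer : IPAddr.new(forwarded.last)
  rescue IPAddr::InvalidAddressError
    nil
  end

  def forbidden
    [403, { "Content-Type" => "text/plain" }, ["Forbidden\n"]]
  end
end

if __FILE__ == $0
  app    = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
  filter = IpFilter.new(app, allow: ["10.0.0.0/8"], deny: ["10.0.0.99"])
  # Constructed request environments (the hashes Rack would build):
  p filter.call("REMOTE_ADDR" => "10.1.2.3")[0]                                           # => 200
  p filter.call("REMOTE_ADDR" => "10.0.0.99")[0]                                          # => 403
  p filter.call("REMOTE_ADDR" => "203.0.113.5", "HTTP_X_FORWARDED_FOR" => "10.1.2.3")[0]  # => 403, header ignored
end
```

If the application sits behind a load balancer, every request arrives from the balancer's address, so an allowlist on REMOTE_ADDR alone would either admit everyone or nobody; that is the one situation in which trusted_proxies should be set, and it should contain only the balancer's addresses.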

shellex

0.01
Shell execution made easy and secure
 Popularity
Downloads
5,086
Stars
23
Forks
1
Watchers
3
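"Secure" shell execution comes down to one rule: never let attacker-influenced text reach a shell parser. The example below is added for this page and is not shellex's code. It shows the injection that string-built commands allow, using a harmless `echo` so it can be run anywhere, beside the two safe forms from Ruby's standard library: passing an argv array (no shell is involved at all) and Shellwords quoting for the cases where a command line genuinely has to be built as a string. The PAYLOAD constant is constructed input and the method names are this example's own.

```ruby
require "open3"
require "shellwords"

# Added example, not shellex's code: shell injection and its two stdlib fixes.

# Constructed attacker input: a "filename" that smuggles in a second command.
PAYLOAD = "hello; echo INJECTED"

# Vulnerable: the input is interpolated into a string that /bin/sh parses,
# so ";" terminates echo and the attacker's command runs next.
def run_via_shell(input)
  out, _status = Open3.capture2("sh", "-c", "echo #{input}")
  out
end

# Safe: with several arguments, Open3 (via Process.spawn) calls execve
# directly. No shell ever sees the input, so metacharacters are just bytes
# inside a single argument. Exit status is checked rather than ignored.
def run(*argv)
  raise ArgumentError, "argv must be an array of strings" unless argv.all? { |a| a.is_a?(String) }
  out, status = Open3.capture2(*argv)
  raise "#{argv.first} exited #{status.exitstatus}" unless status.success?
  out
end

# Safe when a shell string is unavoidable (a remote ssh command, a cron line):
# Shellwords.join quotes every operand so the shell returns it as one word.
def run_escaped(input)
  out, _status = Open3.capture2("sh", "-c", Shellwords.join(["echo", input]))
  out
end

if __FILE__ == $0
  puts run_via_shell(PAYLOAD)   # two lines: "hello" then "INJECTED"
  puts run("echo", PAYLOAD)     # one line: "hello; echo INJECTED"
  puts run_escaped(PAYLOAD)     # one line: "hello; echo INJECTED"
end
```

The same rule applies to `system`, backticks, `IO.popen` and `Kernel#exec`: a single string argument goes through the shell, a list of strings does not. Prefer the list form and reach for Shellwords only when a third party (ssh, a remote agent, cron) will itself invoke a shell on the text you hand it.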

wwidea/cross_site_sniper

0.01
Ruby on Rails Plugin that automatically wraps html_escape() around ActiveRecord attribute methods associated with string and text fields in the database.
 Popularity
Stars
4
Forks
1
Watchers
6
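xss_terminate, rails_xss and cross_site_sniper take three different positions on where HTML gets neutralised: strip it on the way into the database, escape it by default in the template, or escape it in the model's attribute readers. The example below is added for this page and is not code from any of those plugins. It uses `ERB::Util.html_escape`, which is what Rails' `h()` calls, to build a minimal escape-by-default renderer, puts input-time stripping next to it to show what stripping loses and what it leaves behind, and shows the case none of the three plugins cover: a `javascript:` URL inside an href, where escaping has nothing to change. The names render, h, safe, strip_tags and safe_url are this example's own.

```ruby
require "erb"
require "uri"

# Added example, not code from rails_xss, xss_terminate or cross_site_sniper.

# Output escaping, as rails_xss made the default. Rails' h() is
# ERB::Util.html_escape, which turns & < > " ' into entities.
def h(value)
  ERB::Util.html_escape(value.to_s)
end

# Markup the template author explicitly vouches for is not re-escaped.
SafeString = Struct.new(:html) do
  def to_s
    html
  end
end

def safe(html)
  SafeString.new(html)
end

# Minimal escape-by-default renderer: every {{placeholder}} is escaped
# unless its value was wrapped with safe().
def render(template, values)
  template.gsub(/\{\{(\w+)\}\}/) do
    v = values.fetch(Regexp.last_match(1).to_sym)
    v.is_a?(SafeString) ? v.to_s : h(v)
  end
end

# Input-time stripping (the xss_terminate approach). It is lossy for honest
# users ("x < y and y > z" loses the middle) and it only removes tags, so the
# payload's text survives and the output still has to be escaped anyway.
def strip_tags(value)
  value.to_s.gsub(/<[^>]*>/, "")
end

# Escaping is context-specific. Inside href="..." a javascript: URL contains
# no character that h() changes, so URL-valued attributes need a scheme
# allowlist instead. Relative URLs (no scheme) and http(s) pass; all else is
# replaced with "#".
def safe_url(url)
  uri = URI.parse(url.to_s)
  return url.to_s if uri.scheme.nil? || %w[http https].include?(uri.scheme.downcase)
  "#"
rescue URI::InvalidURIError
  "#"
end

if __FILE__ == $0
  # Constructed payloads:
  puts render("<p>{{name}}</p>", name: "<script>alert(1)</script>")
  puts render('<a href="{{url}}">{{label}}</a>', url: "javascript:alert(1)", label: "home")
  puts render('<a href="{{url}}">{{label}}</a>', url: safe_url("javascript:alert(1)"), label: "home")
  puts strip_tags("x < y and y > z")
end
```

Escaping and sanitising are different operations: escaping makes every character inert, which is right for plain values; sanitising keeps an allowlisted subset of markup, which is what Loofah does for fields that legitimately contain HTML. Neither replaces scheme validation for URLs, or JavaScript-string escaping for values placed inside a `<script>` block.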

ryanlowe/audit_mass_assignment

0.0
Checks Ruby on Rails models for use of the attr_accessible white list.
 Popularity
Stars
8
Forks
0
Watchers
2
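find_mass_assignment, param_protected, sudo_attributes and audit_mass_assignment all address one flaw: a controller that hands the raw request hash to `Model.new` or `update_attributes`, so a client can set any column the form never showed, typically `admin`. The example below is added for this page and is not code from any of those projects. It is a Rails-free model that shows the vulnerable update, the allowlist filter that param_protected and attr_accessible stand for (recording dropped keys, which is a useful probing signal), an explicit sudo-style bypass for trusted server-side callers, and a small source scan in the spirit of find_mass_assignment. The class, method and constant names, and the request and controller snippets, are constructed for this example.

```ruby
# Added example, not code from find_mass_assignment, param_protected,
# sudo_attributes or audit_mass_assignment.

class User
  ATTRIBUTES = %i[name email admin].freeze
  ACCESSIBLE = %i[name email].freeze   # what a request is allowed to set

  attr_reader :attributes, :rejected

  def initialize
    @attributes = { name: nil, email: nil, admin: false }
    @rejected   = []
  end

  # Vulnerable: every known attribute the client named is written. A form
  # that only shows name and email does nothing to stop a crafted "admin".
  def unsafe_update(params)
    params.each do |k, v|
      key = k.to_sym
      @attributes[key] = v if ATTRIBUTES.include?(key)
    end
    self
  end

  # Protected: filter against the allowlist first and keep a record of what
  # was dropped, so repeated attempts to set "admin" can be alerted on.
  def update(params)
    keep, drop = params.partition { |k, _| ACCESSIBLE.include?(k.to_sym) }
    @rejected.concat(drop.map { |k, _| k.to_s })
    unsafe_update(keep.to_h)
  end

  # Trusted code (an admin console, a data migration) bypasses the allowlist
  # by naming that intent at the call site instead of silently.
  def sudo_update(params)
    unsafe_update(params)
  end

  def admin?
    @attributes[:admin] == true || @attributes[:admin] == "true"
  end
end

# Constructed request parameters: the client added a field the form never had.
REQUEST_PARAMS = { "name" => "mallory", "email" => "m@example.com", "admin" => "true" }.freeze

# Static check of the kind find_mass_assignment performs: flag source lines that
# pass the raw params hash to a constructor or bulk updater. Returns 1-based
# line numbers. A regex scan like this has false negatives (aliases, params
# stored in a local first); it is a cheap first pass, not a substitute for
# a real scanner such as brakeman.
def find_mass_assignment(source)
  pattern = /\.(new|create!?|build|update_attributes!?|update!?|attributes=)\s*\(?\s*params\b/
  source.lines.each_with_index.select { |line, _| line.match?(pattern) }.map { |_, i| i + 1 }
end

# Constructed controller excerpt used as scan input.
CONTROLLER_SOURCE = <<~RUBY
  def create
    @user = User.new(params[:user])          # flagged
    @post = Post.new(post_params)            # filtered first, not flagged
    @user.update_attributes(params[:user])   # flagged
  end
RUBY

if __FILE__ == $0
  p User.new.unsafe_update(REQUEST_PARAMS).admin?   # => true  (privilege escalation)
  p User.new.update(REQUEST_PARAMS).admin?          # => false
  p User.new.update(REQUEST_PARAMS).rejected        # => ["admin"]
  p find_mass_assignment(CONTROLLER_SOURCE)         # => [2, 4]
end
```

Rails 4 and later make the allowlist mandatory through strong parameters (`params.require(:user).permit(:name, :email)`), which is the same control as `update` above moved into the controller; the audit the older tools perform is still worth running on any model that is updated from request data outside that path.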