Skip to main content

Ruby agent

The Ruby agent is a Rack middleware that's compatible with the most popular web application frameworks. The agent's goal is to be fully Rack compatible and to provide applications built on Rack with interactive application security testing (IAST) and runtime application self-protection (RASP) capabilities.

In Assess, the agent identifies vulnerable dataflow paths and other issues during the normal execution of your application. It reports these findings to your organization in Contrast; you can then remediate the vulnerabilities before deploying the application in a live environment.

In Protect, the Ruby agent inspects HTTP requests to identify potentially harmful input vectors. During the request, the agent inspects database queries, file writes and other potentially damaging actions resulting from the request. At the end of the request, the agent inspects the rendered output for successful attacks and can block a successful attack from being forwarded to the application user. It then sends the details of the attack to the Contrast application, which then sends you an alert and displays attack details in the interface.

Note

The Ruby agent supports Assess, Protect, and SCA.

As a next step, you can: