Ruby agent

The Ruby agent is a Rack middleware that's compatible with the most popular web application frameworks. The agent's goal is to be fully Rack compatible and to provide applications built on Rack with interactive application security testing (IAST) and runtime application self-protection (RASP) capabilities.

The Ruby agent has two primary components: the agent itself and a service that communicates with the Contrast server.

In Assess, the agent identifies vulnerable dataflow paths and other issues during normal execution of your application. It reports these findings to your organization in Contrast; you can then remediate the vulnerabilities before deploying the application in a live environment.

In Protect, the Ruby agent inspects HTTP requests to identify potentially harmful input vectors. During the request, the agent inspects database queries, file writes and other potentially damaging actions resulting from the request. At the end of the request, the agent inspects the rendered output for successful attacks, and can block a successful attack from being forwarded to the application user. The service sends the details of the attack to the Contrast application, which then sends you an alert and displays attack details in the interface.
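The request, in-request, and output inspection points described above can be sketched as a plain Rack middleware. This is an added illustration, not Contrast's agent code: `InspectingMiddleware`, `check_sink`, the `SUSPICIOUS` patterns and `ECHO_APP` are hypothetical names and constructed sample data.

```ruby
require "uri"

# Hypothetical Rack middleware (not Contrast's code): input, sink and output checks.
class InspectingMiddleware
  Blocked = Class.new(StandardError)
  SUSPICIOUS = %r{<script|['"]\s*or\s+1=1|\.\./}i # constructed sample patterns

  def initialize(app)
    @app = app
  end

  # Called from instrumented sinks (database, file writes) during the request.
  def self.check_sink(kind, value)
    flagged = Thread.current[:flagged_inputs] || []
    raise Blocked, "#{kind} sink received flagged input" if flagged.any? { |i| value.include?(i) }
  end

  def call(env)
    # 1. Inspect the request: remember parameter values that look harmful.
    params = URI.decode_www_form(env["QUERY_STRING"].to_s)
    flagged = params.map(&:last).grep(SUSPICIOUS)
    Thread.current[:flagged_inputs] = flagged

    # 2. Run the application; sinks call check_sink while it executes.
    status, headers, body = @app.call(env)

    # 3. Inspect rendered output: flagged input echoed verbatim is withheld.
    rendered = +""
    body.each { |chunk| rendered << chunk }
    return deny("reflected input in response") if flagged.any? { |i| rendered.include?(i) }

    [status, headers, [rendered]]
  rescue Blocked => e
    deny(e.message)
  ensure
    Thread.current[:flagged_inputs] = nil
  end

  private

  def deny(reason)
    [403, { "content-type" => "text/plain" }, ["Blocked: #{reason}"]]
  end
end

# Constructed sample app: echoes the "q" parameter without escaping it.
ECHO_APP = lambda do |env|
  [200, { "content-type" => "text/html" }, ["<p>#{URI.decode_www_form(env['QUERY_STRING']).to_h['q']}</p>"]]
end
```

An application that escapes the parameter before rendering passes the output check, because the flagged value no longer appears verbatim in the response.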

You can: