A few security tools can help developers identify security issues in their web apps. In this section, we explore two such tools, wwwhisper and Tinfoil Security, both supported as add-ons on the Heroku platform.
As an application developer, you can use an add-on such as wwwhisper to authorize access to Ruby on Rails (RoR) or other Rack-based Heroku applications. The application's administrator can use a web interface to specify the e-mail addresses of the users who are allowed access to the application. wwwhisper provides smooth and seamless access control to your Heroku applications.
wwwhisper utilizes Persona—a cross-browser login system for the Web (supported on all modern browsers)—which eliminates the need for site-specific passwords to establish the ownership of a particular e-mail address.
The Rack middleware provides integration with the wwwhisper security service. As a result, the integration cost is kept to a minimum, and there is no need...
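
A simplified local model of the pattern described above, added here as an illustration and not wwwhisper's own code: a Rack-style middleware that sits in front of the app, denies by default, and forwards only requests whose verified e-mail address is on the allowlist. The class name `EmailAllowlist`, the env key `auth.verified_email`, and the in-process allowlist (the add-on itself integrates with the wwwhisper service) are assumptions.

```ruby
require 'set'

# Illustrative Rack-style middleware (hypothetical class, not wwwhisper's code).
class EmailAllowlist
  # Assumed env key, set server-side by a login step that has verified
  # ownership of the address. Client headers arrive as HTTP_* keys in the
  # Rack env, so a browser cannot set this key directly.
  VERIFIED_EMAIL_KEY = 'auth.verified_email'

  def initialize(app, allowed_emails:)
    @app = app
    @allowed = Set.new(allowed_emails.map { |e| normalize(e) })
  end

  # Deny by default: the wrapped app is reached only on an allowlist match.
  def call(env)
    email = env[VERIFIED_EMAIL_KEY].to_s
    return deny(401, 'Login required') if email.strip.empty?
    return deny(403, 'Not authorized') unless @allowed.include?(normalize(email))

    @app.call(env)
  end

  private

  # Assumption: addresses are compared case-insensitively.
  def normalize(email)
    email.strip.downcase
  end

  def deny(status, message)
    [status, { 'content-type' => 'text/plain' }, [message]]
  end
end

# Constructed sample app and allowlist.
APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['private page']] }
GUARDED = EmailAllowlist.new(APP, allowed_emails: ['alice@example.org'])

# Returns the HTTP status the guarded stack gives for a Rack env hash.
def status_for(env)
  GUARDED.call(env).first
end
```

In a real stack, a middleware of this kind has to be inserted ahead of everything that serves content; otherwise those responses bypass the check.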