Do you have an admin panel? Then you might be interested in my recent article @codeship: How to protect a sensitive area of your application with mutual TLS authentication. That means the client also authenticates itself against the server with a client-side certificate. The full nginx web server configuration is available here.
Now, what was worth reading recently:
About rel=noopener on links that use target=_blank, which removes the opened page's access to the opener's window JS object
Remote Code Execution in git client and server
The web app security questionnaire that Google uses to assess vendors
A basic security checklist covering all levels, with quick wins
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.