Let's start with an article that describes how someone took over locked Instagram accounts by changing an ID. That is interesting because I discovered something similar in another app very recently. I think this is why it is important to regularly step back and review the bigger picture. In this case, that means asking: "What if someone skips a few steps of the 'locking an account' workflow and just changes an ID?" The pattern is the same every time: one step proves that the user owns *an* account, a later step acts on *whichever* account ID the request carries, and nothing checks that the two are the same.
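To make the "skip a step, swap the ID" idea concrete, here is an added example written for this newsletter. It is not code from the linked article and has nothing to do with Instagram's actual implementation; the account data, the two-step recovery flow and the class names are all constructed for illustration. The vulnerable version records only *that* ownership was proven, so the final step happily acts on any account ID the client sends. The hardened version binds the verified account ID to the session, ignores the ID in the request, and consumes the proof after one use.

```ruby
# Added example: a simplified "prove ownership, then reset and unlock" workflow.
# Not taken from the linked article; all names and data are constructed.

Account = Struct.new(:id, :email, :password, :locked)

# Constructed sample data: the attacker owns account 1, the victim's account 2
# is currently locked.
def build_accounts
  {
    1 => Account.new(1, 'alice@example.com', 'alice-pw', false),
    2 => Account.new(2, 'bob@example.com',   'bob-pw',   true)
  }
end

# Vulnerable: step 1 stores a bare "verified" flag, step 2 reads the account id
# from the request again and never checks that it is the one verified in step 1.
class VulnerableRecovery
  def initialize(accounts)
    @accounts = accounts
    @session  = {}
  end

  def verify_owner(account_id, email)
    acct = @accounts[account_id]
    return false unless acct && acct.email == email
    @session[:verified] = true   # which account? nobody remembers
    true
  end

  def reset_password(params)
    return :not_verified unless @session[:verified]
    acct = @accounts[params[:account_id]] # client-controlled, never re-checked
    return :not_found unless acct
    acct.password = params[:password]
    acct.locked   = false
    :ok
  end
end

# Hardened: the verified id lives in the session, step 2 acts only on that id
# (any account_id in the request is ignored), and the proof is single-use.
class HardenedRecovery
  def initialize(accounts)
    @accounts = accounts
    @session  = {}
  end

  def verify_owner(account_id, email)
    acct = @accounts[account_id]
    return false unless acct && acct.email == email
    @session[:verified_account_id] = acct.id
    true
  end

  def reset_password(params)
    target_id = @session.delete(:verified_account_id) # consumed on first use
    return :not_verified unless target_id
    acct = @accounts[target_id]
    acct.password = params[:password]
    acct.locked   = false
    :ok
  end
end

# The attack against either flow: prove ownership of account 1, then submit
# the reset step with account_id 2. Returns the state relevant to the outcome.
def attack(recovery_class)
  accounts = build_accounts
  flow = recovery_class.new(accounts)
  flow.verify_owner(1, 'alice@example.com')
  result = flow.reset_password(account_id: 2, password: 'pwned')
  {
    result:         result,
    bob_password:   accounts[2].password,
    bob_locked:     accounts[2].locked,
    alice_password: accounts[1].password
  }
end

if __FILE__ == $0
  p attack(VulnerableRecovery) # Bob's password replaced and his lock cleared
  p attack(HardenedRecovery)   # Bob untouched; only Alice's own account changes
end
```

The fix is not "validate the ID harder"; it is to stop reading the ID from the client at all once an earlier step has established it. In a Rails app that usually means scoping the final step through `current_user` or a session-bound token rather than `params[:id]`.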
And now for (not so) completely different articles:
How to inspect the magic bytes of uploaded images to mitigate some of the problems caused by the branded vulnerability ImageTragick.
You think you're copying an innocent command from a web page in the browser, but what actually ends up in your clipboard is evil.
A practical guide to securing OS X.
How to store secrets in a git repository.
This one is not related to security, but it is a piece of history: the origins of the <blink> tag. Someone was drunk.
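Coming back to the ImageTragick item above: the check the article describes is a magic-bytes check, so here is an added example of one, written for this newsletter and not taken from the linked article. It compares the first bytes of a file against known PNG, JPEG and GIF signatures and only accepts a file whose bytes agree with the type the client claimed. The sample inputs are constructed; the second one is plain MVG text with nothing dangerous in it, included only because a text file with an image extension is exactly what this check exists to catch.

```ruby
# Added example: magic-bytes check for uploaded images.
# Not taken from the linked article; signatures are the public file-format
# headers, sample inputs are constructed.

# Leading bytes of the formats we are willing to hand to an image processor.
MAGIC = {
  'image/png'  => ["\x89PNG\r\n\x1a\n".b],
  'image/jpeg' => ["\xFF\xD8\xFF".b],
  'image/gif'  => ['GIF87a'.b, 'GIF89a'.b]
}.freeze

# Returns the MIME type whose signature the bytes start with, or nil if none.
def sniff_image_type(bytes)
  head = bytes.b # compare as raw bytes regardless of the string's encoding
  MAGIC.each do |type, signatures|
    return type if signatures.any? { |sig| head.start_with?(sig) }
  end
  nil
end

# True only if the bytes carry the signature of the type the client claimed.
# A mismatch (or an unknown signature) is rejected; the claim is never trusted.
def image_matches_claim?(bytes, claimed_type)
  detected = sniff_image_type(bytes)
  !detected.nil? && detected == claimed_type
end

# Same check against a file on disk; only the first 16 bytes are needed.
def file_matches_claim?(path, claimed_type)
  image_matches_claim?(File.binread(path, 16), claimed_type)
end

# Constructed samples: a real PNG header, a text file that is really MVG
# (what ImageTragick uploads looked like, minus any payload), and a GIF header.
SAMPLES = {
  real_png: "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR".b,
  mvg_text: "push graphic-context\nviewbox 0 0 640 480\n".b,
  gif89a:   "GIF89a\x01\x00\x01\x00".b
}.freeze

if __FILE__ == $0
  SAMPLES.each do |name, bytes|
    puts "#{name}: detected=#{sniff_image_type(bytes).inspect} " \
         "png_claim_ok=#{image_matches_claim?(bytes, 'image/png')}"
  end
end
```

Two caveats a practitioner will want: the check inspects only the header, so a file that starts with a valid PNG signature but contains something else further on still passes, and a magic-bytes check on its own does not disable ImageMagick's dangerous coders; treat it as one layer alongside the policy-file restrictions published for ImageTragick, not as a replacement for them.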
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.