Ah yes, two new Rails security vulnerabilities last week. I guess you already updated Rails, right? Good, so on to this week’s interesting web app security reads:
Are we copying too many security solutions without really understanding them?
Opinion on CloudFlare: No real DDoS mitigation and breaking the TLS model.
How long does it take to get on the HSTS preload list ("I want this site to be always HTTPS, also for the very first request")? About 8 days it seems.
Secrets in the configuration: Can be stored in Vault.
This is an extension of strong_parameters with added type checking and conversion.
PS: Do you know anybody who might benefit from this kind of post? Please share it with them.