Ruby on Rails web security digest #16

It feels like the amount of security news picks up again after summer. That holds for the Rails security project too, which has a few new articles about other forms of injection. And here are some interesting reads from elsewhere:

The Dropbox hack is real

Yes, the Dropbox hack is real, and this is proper journalism – verified and cross-checked before publishing.

Mitigating MIME Confusion Attacks in Firefox

Firefox now also supports the X-Content-Type-Options: nosniff header, which tells the browser not to guess a response's MIME type and so blocks MIME-type sniffing.

Protecting your embedded content with subresource integrity (SRI)

Using subresource integrity (SRI)? Here’s how to add a fallback.

Did you like attr_accessible? Someone ported it to Rails 5.

Google Chrome, Firefox Address Bar Spoofing Vulnerability

A spooky browser vulnerability turns URLs around if it sees an RTL string.

Let’s look at some of the security at GitHub

Some security features at GitHub, including a hack for dangling markup.

The target="_blank" vulnerability by example

Antivirus Uploads with Clamby
