Pick of the Day
A Content Security Policy (CSP) strategy
CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).
Newest Resources
Ruby method and class injection
A class name in user input: Anything can happen.
Excel Injection via Rails downloads
A = in a name could make Excel run macros.
Rails SQL Injection with LIKE
Injection with % in SQL LIKE is common and may lead to long queries.
CSS Injection in Rails
Can CSS from the user do any harm?
A Content Security Policy (CSP) strategy
CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).