Pick of the Day

A Content Security Policy (CSP) strategy

CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).

Sponsored By

Ruby on Rails security strategy guideThe complete Rails guide to developing a security strategy for busy lead architects. Limited free offer.

Receive 2(ish) monthly updates of new useful Rails security resources! (No spam. ➫ Example)

Rails Security Topics

Cross-Site Scripting

Config countermeasures, the basics and advanced policies

SQL Injection

The basics and all Rails methods where user input is dangerous

Rails configuration for more security

Including gems, HTTP headers and general strategies

Rails security books

The title says it all

Rails security vulnerabilities and threats

Hack an application and attack types

Cross-Site Request Forgery

CSRF and Rails, all related questions answered

More topics to come soon. Subscribe to the newsletter to hear about it first.

Newest Resources

Ruby method and class injection

A class name in user input: Anything can happen.

Excel Injection via Rails downloads

A = in a name could make Excel run macros.

Rails SQL Injection with LIKE

Injection with % in SQL LIKE is common and may lead to long queries.

CSS Injection in Rails

Can CSS from the user do any harm?

A Content Security Policy (CSP) strategy

CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).

See all resourcesResources for beginnersAdvanced-level resources