Already know quite a bit about Rails security? Then you may want to skip the content for beginners and go through the topics below instead. Each resource is usually not just a link to a gem or website but collects all the information, links and answers about a topic, so don’t skip a topic on this page just because you already know what it is. For example, you might know Rack::Attack, but how to whitelist search engine spiders with it might be new to you (just guessing).
A Content Security Policy (CSP) strategy
CSP is a great way to reduce or completely remove the number one web app security vulnerability – Cross-Site Scripting (XSS).
A guide to a week with a Rails security strategy
This includes a 5-page guide on how to form the habits, plus a plan for each day for you to follow.
New Rails security HTTP headers
Some of them are now sent by default in Rails.
Rack::Attack: Rate limits against DDoS and abusive users
Track and throttle requests
Note that I’ll add more to this page; subscribe to the mailing list to hear about it first.