This issue includes, for the first time, important security updates for Rails’ friends: products we use alongside Rails, for example nginx, MySQL and Redis. Products that update themselves automatically aren’t worth mentioning. Let’s get started with this week’s interesting (Rails) security articles:
Distrusting New WoSign and StartCom Certificates
Email Security – SPF
Protecting from XSS with Rails’ sanitize()
A video introduction to Rails’ sanitize(). Even if you already know it, he also looks at how it helps against JavaScript links in user profiles.
Rails API – throttling with Rack::Attack
An introduction to Rack::Attack and how to throttle requests.
How to quickly audit a Linux system from the command line
Be afraid of HTTP Public Key Pinning (HPKP)
HTTP Public Key Pinning went wrong for a major site.
Enforcing content security by default within Firefox
If you’re interested in the security internals of browsers, this one is for you: it explains how Firefox now centralizes all of its content security checks.
Observatory by Mozilla
A central place for all kinds of security checks: TLS, HTTP security headers, HSTS configuration.