This issue includes, for the first time, important security updates for Rails’ friends: the products we run alongside Rails, for example nginx, MySQL and Redis. Products that update themselves automatically aren’t listed. Let’s get started with this week’s interesting (Rails) security articles:
Distrusting New WoSign and StartCom Certificates
Email Security – SPF
Protecting from XSS with Rails’ sanitize()
A video introduction to Rails’ sanitize(). Even if you already know the helper, the presenter also shows how it protects against javascript: links in user profiles, the classic place where a user-supplied URL ends up in an href.
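As an added illustration (my own code, neither from the video nor from Rails’ sanitizer): the scheme allowlist that sanitize() applies to href and src attributes, written out in plain Ruby so the same check can protect the one case sanitize() never sees, a profile website rendered with link_to, which escapes HTML but passes a javascript: URL straight into the href. safe_profile_url, SAFE_LINK_SCHEMES and profile_link_html are hypothetical names.

```ruby
# Added example, not code from the video or from Rails. It spells out the
# scheme allowlist that sanitize() applies to href/src attributes so the same
# check can be used where the URL never goes through sanitize(), e.g.
# link_to(user.name, user.website): link_to escapes HTML but passes a
# javascript: URL straight into the href. All names are hypothetical.
SAFE_LINK_SCHEMES = %w[http https mailto].freeze

# Returns a URL that is safe to put into an href, or nil if it must be dropped.
def safe_profile_url(raw)
  return nil if raw.nil?
  # Browsers drop tab/CR/LF anywhere in a URL and leading/trailing C0 control
  # characters and spaces before parsing (WHATWG URL), so "java\tscript:" and
  # "\x01javascript:" still execute. Normalise the same way before checking.
  url = raw.delete("\t\n\r").gsub(/\A[\x00-\x20]+|[\x00-\x20]+\z/, "")
  return nil if url.empty?

  scheme = url[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  if scheme
    # Compare case-insensitively: "JaVaScRiPt:" is still JavaScript.
    return nil unless SAFE_LINK_SCHEMES.include?(scheme.downcase)
  end
  # No scheme ("example.com", "/users/1") is a relative link; it cannot run
  # script, so it is kept as-is.
  url
end

HTML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                 '"' => "&quot;", "'" => "&#39;" }.freeze

# Minimal HTML escaping (in a Rails view use ERB::Util.html_escape instead).
def html_escape(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Renders the profile link, or just the name if the URL was rejected.
def profile_link_html(name, raw_url)
  url = safe_profile_url(raw_url)
  return html_escape(name) unless url
  %(<a href="#{html_escape(url)}" rel="nofollow noopener">#{html_escape(name)}</a>)
end

if $PROGRAM_NAME == __FILE__
  ["https://example.com/~alice", "JaVaScRiPt:alert(document.cookie)",
   "java\tscript:alert(1)", "data:text/html,<script>alert(1)</script>"].each do |u|
    puts "#{u.inspect} -> #{safe_profile_url(u).inspect}"
  end
end
```

Rejected URLs degrade to plain text rather than to an empty link, so a profile with a bad URL still renders and nothing an attacker controls reaches the href.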
Rails API – throttling with Rack::Attack
An introduction to Rack::Attack and how to throttle requests.
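An added example of what Rack::Attack does under the hood (my own code, not the gem’s and not from the linked article): the rules you would actually put in config/initializers/rack_attack.rb are shown in the comment at the top; below them is a plain Rack middleware that keeps one counter per rule, discriminator and fixed time window and answers 429 with Retry-After once the limit is passed. The clock is injectable so the window rollover can be exercised without sleeping; ThrottlingMiddleware and RateLimit are hypothetical names.

```ruby
# Added example of the mechanism, not Rack::Attack's own code. With the gem the
# equivalent rules live in config/initializers/rack_attack.rb:
#
#   Rack::Attack.throttle("req/ip", limit: 300, period: 5.minutes) { |req| req.ip }
#   Rack::Attack.throttle("logins/ip", limit: 5, period: 20.seconds) do |req|
#     req.ip if req.path == "/login" && req.post?
#   end
#
# One counter per (rule, discriminator, fixed time window), kept with a TTL;
# once a counter passes the limit the request gets a 429 and never reaches the app.

class RateLimit
  attr_reader :name, :limit, :period

  # The block maps a Rack env to a discriminator (IP, e-mail, ...) or nil to
  # skip this rule for the request.
  def initialize(name, limit:, period:, &discriminator)
    @name, @limit, @period, @discriminator = name, limit, period, discriminator
  end

  # Cache key for the request's current window, or nil if the rule does not apply.
  def key_for(env, now)
    discriminator = @discriminator.call(env)
    return nil unless discriminator
    window = now.to_i / @period               # fixed windows, like Rack::Attack
    "throttle:#{window}:#{@name}:#{discriminator}"
  end

  # Seconds until the current window ends (also the counter's TTL).
  def seconds_left(now)
    @period - (now.to_i % @period)
  end
end

class ThrottlingMiddleware
  # clock is injectable so tests can move time forward instead of sleeping.
  def initialize(app, clock: -> { Time.now })
    @app, @clock, @rules = app, clock, []
    @store = {}                               # key => [count, expires_at]; stands in for Rails.cache
  end

  def throttle(name, limit:, period:, &discriminator)
    @rules << RateLimit.new(name, limit: limit, period: period, &discriminator)
    self
  end

  def call(env)
    now = @clock.call
    @store.delete_if { |_key, (_count, expires_at)| expires_at <= now.to_i }   # expire old windows

    @rules.each do |rule|
      key = rule.key_for(env, now)
      next unless key
      count = (@store[key] || [0]).first + 1
      @store[key] = [count, now.to_i + rule.seconds_left(now)]
      next if count <= rule.limit
      return [429,
              { "content-type" => "text/plain", "retry-after" => rule.seconds_left(now).to_s },
              ["Rate limit exceeded, retry later\n"]]
    end
    @app.call(env)
  end
end

if $PROGRAM_NAME == __FILE__
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  now = Time.at(1_700_000_000)
  limiter = ThrottlingMiddleware.new(app, clock: -> { now })
                                .throttle("req/ip", limit: 5, period: 60) { |env| env["REMOTE_ADDR"] }
  env = { "REMOTE_ADDR" => "203.0.113.7", "PATH_INFO" => "/api/items", "REQUEST_METHOD" => "GET" }
  p 6.times.map { limiter.call(env).first }   # [200, 200, 200, 200, 200, 429]
  now += 60                                   # next window: the counter has expired
  p limiter.call(env).first                   # 200
end
```

Two things carry over to the real gem: the discriminator decides what you are protecting (per IP for general abuse, per account or e-mail for login brute force), and fixed windows let a client send up to twice the limit across a window boundary, which is acceptable for abuse limiting but worth knowing when you pick the numbers. In production the counters must live in a shared store such as Redis or Memcached, not in process memory, or every app server gets its own budget.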
How to quickly audit a Linux system from the command line
Be afraid of HTTP Public Key Pinning (HPKP)
HTTP Public Key Pinning went wrong for a major site. A wrong pin set locks every returning visitor out until max-age expires, which is why pinning needs an offline backup pin and a conservative max-age, and should be rolled out with Public-Key-Pins-Report-Only first.
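An added example (mine, not from the linked article): computing RFC 7469 pins from keys with Ruby’s OpenSSL, building the header, and a pre-deployment check that flags the mistakes behind lock-outs, namely no backup pin, a pin set that does not match the served chain, or a backup that is itself in the chain. Keys are generated on the fly only so the script runs offline; spki_pin, hpkp_header and hpkp_problems are hypothetical names. Browsers have since dropped HPKP support, but the backup-pin discipline is what any pinning deployment needs.

```ruby
require "openssl"

# Added example, not from the linked article. Generates throwaway RSA keys so it
# runs offline; in a real deployment the active pin comes from the key behind
# the live certificate and the backup pin from a key kept offline (with a CSR
# ready), never from a key created on the fly. Function names are hypothetical.

# RFC 7469 pin: base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo.
# Accepts an OpenSSL::PKey::RSA, private or public.
def spki_pin(key)
  key = key.public_key if key.private?
  [OpenSSL::Digest::SHA256.digest(key.to_der)].pack("m0")
end

# Build the header value. Refuses to build a header with fewer than two
# distinct pins, which is the mistake that locks users out: with only the
# active key pinned, losing or rotating that key leaves no way back in.
def hpkp_header(pins, max_age:, include_subdomains: false, report_uri: nil)
  raise ArgumentError, "HPKP needs an active pin and a backup pin" if pins.uniq.size < 2
  parts = pins.uniq.map { |p| %(pin-sha256="#{p}") }
  parts << "max-age=#{Integer(max_age)}"
  parts << "includeSubDomains" if include_subdomains
  parts << %(report-uri="#{report_uri}") if report_uri
  parts.join("; ")
end

# Pre-deployment check: returns a list of problems (empty when the header is
# usable). served_keys are the keys in the chain the server actually sends.
def hpkp_problems(header, served_keys:)
  pins = header.scan(/pin-sha256="([^"]*)"/).flatten
  served = served_keys.map { |k| spki_pin(k) }
  problems = []
  problems << "fewer than two distinct pins" if pins.uniq.size < 2
  malformed = pins.reject { |p| p.match?(%r{\A[A-Za-z0-9+/]{43}=\z}) }
  problems << "malformed pin(s): #{malformed.join(', ')}" unless malformed.empty?
  # Browsers ignore the header unless at least one pin matches the served
  # chain and at least one does not (that one is the backup).
  problems << "no pin matches the served chain" if (pins & served).empty?
  problems << "no backup pin outside the served chain" if (pins - served).empty?
  problems << "missing max-age" unless header.match?(/\bmax-age=\d+/)
  problems
end

if $PROGRAM_NAME == __FILE__
  active = OpenSSL::PKey::RSA.new(2048)   # key behind the live certificate
  backup = OpenSSL::PKey::RSA.new(2048)   # kept offline
  header = hpkp_header([spki_pin(active), spki_pin(backup)], max_age: 5_184_000)
  puts "Public-Key-Pins: #{header}"
  p hpkp_problems(header, served_keys: [active])                                      # []
  p hpkp_problems(%(pin-sha256="#{spki_pin(active)}"; max-age=5184000), served_keys: [active])
end
```

Run hpkp_problems against the header your server really emits and the chain it really serves (pulling the leaf key out of the certificate with OpenSSL::X509::Certificate#public_key) before you flip from Report-Only to enforcing; the second call in the example is the single-pin header that the linked article’s kind of outage comes from.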
Enforcing content security by default within Firefox
If you’re interested in the security internals of browsers, this one is for you: how Firefox now routes every resource load through one central content security check instead of relying on each call site to remember it.
Observatory by Mozilla
A single scanner that grades a site’s TLS setup, its HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options and friends) and its HSTS configuration, so you can check a Rails app’s headers without assembling the tools yourself.
Important security updates
[GitLab] There were several important security updates for GitLab recently.
[MySQL] Several critical security fixes in a massive “Oracle Critical Patch Update Advisory”.
[Memcached] Critical vulnerabilities that allow remote code execution; update, and make sure Memcached is never reachable from the internet.
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.