Advanced Rails security

Already know quite a bit about Rails security? Then you may want to skip the content for beginners and go through the topics below instead. Each resource is usually not just a link to a gem or website but collects all the information, links and answers about a topic, so don’t skip a topic on this page just because you already know what it is. For example, you might know Rack::Attack, but how to safelist search engine spiders with it (without trusting the User-Agent header) might be new to you.

A Content Security Policy (CSP) strategy

CSP is a great way to reduce, and in many cases completely remove, the impact of Cross-Site Scripting (XSS), still one of the most common web application vulnerabilities: even if an attacker gets script into a page, a strict policy stops the browser from running it.

A guide to a week with a Rails security strategy

This includes a 5-page guide on how to form the habits, with a plan for each day for you to follow.

New Rails security HTTP headers

Rails now sends some of them (for example X-Frame-Options and X-Content-Type-Options) by default; the rest you have to configure yourself.

Rack::Attack: Rate limits against DDoS and abusive users

Track and throttle requests per client. Note that Rack::Attack runs inside your application, so it is good at limiting abusive clients, scrapers and brute-force attempts; a volumetric DDoS has to be absorbed upstream (CDN, load balancer or WAF) before it reaches Rails.
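The two pieces the Rack::Attack topic is about, a per-IP throttle and a safelist for search engine spiders, as an added example that is not code from the original page or from the rack-attack gem. In Rack::Attack the same logic lives in `Rack::Attack.throttle` and `Rack::Attack.safelist` blocks; here it is reimplemented as a plain Rack-style middleware so it runs without the gem or Rails. The security point is the safelist: the User-Agent only decides whether a DNS lookup is worth doing, and a client is accepted as a spider only after a forward-confirmed reverse DNS check. The IPs, hostnames, crawler domains, limits and the two DNS lookup tables are constructed for the example (in production you would use `Resolv.getname` and `Resolv.getaddresses`).

```ruby
# Added example, not code from the original page or from the rack-attack gem.
# Names, addresses, hostnames and limits below are constructed for the example;
# the DNS resolvers are injected so the code runs offline.

class SpiderSafelist
  # Hostname suffixes the engines publish for their crawlers (assumed here;
  # check each engine's own verification docs before relying on a list).
  SPIDER_DOMAINS = %w[.googlebot.com .google.com .search.msn.com].freeze
  SPIDER_UA      = /Googlebot|bingbot/i

  # reverse: ip -> hostname or nil; forward: hostname -> array of ips
  def initialize(reverse:, forward:)
    @reverse = reverse
    @forward = forward
  end

  def verified_spider?(ip, user_agent)
    # The User-Agent is only a hint that decides whether to spend a DNS lookup;
    # anyone can send "Googlebot", so it is never trusted on its own.
    return false unless user_agent.to_s.match?(SPIDER_UA)
    host = @reverse.call(ip)
    return false unless host && SPIDER_DOMAINS.any? { |d| host.end_with?(d) }
    # Forward-confirm: an attacker who controls the PTR record of their own IP
    # can make it claim to be a googlebot host, but cannot make Google's DNS
    # point that hostname back at their address.
    Array(@forward.call(host)).include?(ip)
  end
end

class FixedWindowThrottle
  # At most `limit` requests per `period` seconds per key (here: client IP).
  def initialize(limit:, period:, clock: -> { Time.now.to_i })
    @limit, @period, @clock = limit, period, clock
    @counts = Hash.new(0)
  end

  # Returns [throttled?, seconds until the current window resets]
  def hit(key)
    now = @clock.call
    window = now / @period
    @counts[[key, window]] += 1
    [@counts[[key, window]] > @limit, @period - (now % @period)]
  end
end

class RateLimiter
  def initialize(app, throttle:, safelist:)
    @app, @throttle, @safelist = app, throttle, safelist
  end

  def call(env)
    ip = env['REMOTE_ADDR']
    # Verified spiders bypass the throttle; everyone else is counted per IP.
    unless @safelist.verified_spider?(ip, env['HTTP_USER_AGENT'])
      throttled, retry_after = @throttle.hit(ip)
      if throttled
        return [429, { 'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s },
                ['Retry later']]
      end
    end
    @app.call(env)
  end
end

# Constructed lookup tables standing in for real DNS.
REVERSE_DNS = {
  '66.249.66.1'  => 'crawl-66-249-66-1.googlebot.com', # genuine-looking crawler
  '203.0.113.9'  => 'crawl-66-249-66-1.googlebot.com', # attacker-controlled PTR
  '198.51.100.7' => nil                                # no PTR record at all
}.freeze
FORWARD_DNS = { 'crawl-66-249-66-1.googlebot.com' => ['66.249.66.1'] }.freeze

def build_limiter(limit: 3, period: 60)
  app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  RateLimiter.new(
    app,
    throttle: FixedWindowThrottle.new(limit: limit, period: period, clock: -> { 1_700_000_000 }),
    safelist: SpiderSafelist.new(reverse: ->(ip) { REVERSE_DNS[ip] }, forward: ->(h) { FORWARD_DNS[h] })
  )
end

# Send `n` requests from one client and return the status codes it received.
def simulate(limiter, ip, user_agent, n)
  Array.new(n) { limiter.call('REMOTE_ADDR' => ip, 'HTTP_USER_AGENT' => user_agent).first }
end

if __FILE__ == $PROGRAM_NAME
  limiter = build_limiter
  p simulate(limiter, '66.249.66.1', 'Mozilla/5.0 (compatible; Googlebot/2.1)', 5)
  p simulate(limiter, '198.51.100.7', 'Mozilla/5.0 (compatible; Googlebot/2.1)', 5)
end
```

With a limit of 3 per minute, the genuine crawler gets 200 on every request, while the client that merely sends a Googlebot User-Agent, and the one whose own PTR record pretends to be a googlebot host, both get 429 from the fourth request on. Keep the throttle counters in a shared store (Rack::Attack uses the Rails cache) when you run more than one app server, otherwise each process counts separately.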

Note that I’ll add more to this page; subscribe to the mailing list to hear about it first.