All questions answered about Cross-Site Request Forgery in Rails
Answers to questions such as “what’s the difference between protect_from_forgery with: :null_session and :reset_session?”.
Your Preproduction Checklist for Your Rails App
In this guest post I wrote up what to check before putting a Rails app into production.
Hardening the CSP on report-uri.io
It’s fairly easy to get a basic CSP set up and served on your site, but tightening the policy can be tricky.
Straightforward Rails Authorization with Pundit
Fixing SQL Injection Vulnerabilities in Ruby/Rails