Rails security digest #1

All questions answered about Cross-Site Request Forgery in Rails

It answers questions such as: what is the difference between protect_from_forgery with: :null_session and with: :reset_session?
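To make the difference concrete, here is an added example (not code from the linked article and not the Rails framework's own implementation) that re-creates in plain Ruby the masked-token check Rails performs for protect_from_forgery and then applies each with: strategy to a forged cross-site POST. The class and method names (CsrfGuard, Session, verify!) are hypothetical; the token masking (a per-form one-time pad XORed with the session's real token, strict base64, constant-time comparison) mirrors the scheme Rails uses so that a token leaked through compression side channels cannot be reused.

```ruby
require 'securerandom'

# Added example, not the linked article's or Rails' own code.
# A hypothetical minimal session: the request sees @request_view, the
# server-side store is @store. Normally they are the same hash.
class Session
  def initialize
    @store = {}
    @request_view = @store
  end

  def [](key)        = @request_view[key]
  def []=(key, value); @request_view[key] = value; end

  # :null_session behaviour: this request sees an empty, throwaway session,
  # but the stored session (and its cookie) is left intact.
  def null!
    @request_view = {}
  end

  # :reset_session behaviour: the stored session is destroyed, so the victim
  # is effectively logged out for this and all later requests.
  def reset!
    @store.clear
    @request_view = @store
  end

  def persisted_user = @store[:user_id]
end

class InvalidAuthenticityToken < StandardError; end

class CsrfGuard
  TOKEN_LENGTH = 32

  def initialize(session, with:)
    @session  = session
    @strategy = with
  end

  # Real token lives in the session and is created on first use.
  def real_token
    @session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
  end

  # Token embedded in a form: one-time pad || (pad XOR real token), base64.
  # Every form gets a different masked value for the same session token.
  def form_token
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    [pad + xor(pad, real_token)].pack('m0')
  end

  # Unmask and compare in constant time; any malformed input is simply invalid.
  def valid_token?(masked)
    return false if masked.nil?
    bytes = masked.unpack1('m0')            # strict base64; raises on junk
    return false unless bytes.bytesize == 2 * TOKEN_LENGTH
    pad, encrypted = bytes[0, TOKEN_LENGTH], bytes[TOKEN_LENGTH, TOKEN_LENGTH]
    secure_equal?(xor(pad, encrypted), real_token)
  rescue ArgumentError
    false
  end

  # Rails only checks state-changing methods; GET/HEAD are never verified.
  # Returns a symbol describing what happened (or raises for :exception).
  def verify!(method:, token:)
    return :skipped if %w[GET HEAD].include?(method)
    return :ok if valid_token?(token)

    case @strategy
    when :null_session  then @session.null!;  :null_session
    when :reset_session then @session.reset!; :reset_session
    when :exception     then raise InvalidAuthenticityToken
    else raise ArgumentError, "unknown strategy #{@strategy.inspect}"
    end
  end

  private

  def xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Constant-time comparison of equal-length byte strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# A logged-in victim receives a forged cross-site POST that carries no token.
# Shows, per strategy, what the handling request sees and what survives.
def forged_request_outcomes
  %i[null_session reset_session exception].to_h do |strategy|
    session = Session.new
    session[:user_id] = 42                       # constructed sample: logged-in victim
    guard = CsrfGuard.new(session, with: strategy)
    guard.form_token                             # victim had loaded a real form earlier
    outcome = begin
      guard.verify!(method: 'POST', token: nil)  # the forged request
    rescue InvalidAuthenticityToken
      :raised
    end
    [strategy, { outcome: outcome,
                 request_sees_user: session[:user_id],
                 stored_user: session.persisted_user }]
  end
end
```

Running forged_request_outcomes shows the practical difference: with :null_session the forged request runs as an anonymous user while the victim stays logged in, with :reset_session the victim's session is wiped (a denial-of-service lever if an attacker can trigger it repeatedly), and with :exception the request is rejected outright and the session is untouched.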

Your Preproduction Checklist for Your Rails App

In this guest post I wrote up what to check before putting a Rails app into production.

Hardening the CSP on report-uri.io

It is pretty easy to get a basic CSP set up and deployed on your site, but tightening the policy without breaking the site can be tricky.

Straightforward Rails Authorization with Pundit

Fixing SQL Injection Vulnerabilities in Ruby/Rails

Statusify is a web-application status app, written entirely in Ruby.
