Happy 2016!
Here are a few articles from different categories that I found interesting in the past weeks. This roundup now also includes real-world vulnerabilities and hacks for us to learn from.
Security report: This security report reminds us to re-check passwords, IDs and other authorization data at every step of a multi-step operation, not only the first one.
In this particular case the flow was: password check, a short survey, then user deletion. The password was not re-checked at the deletion step, so only the initial check protected the destructive action.
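To make the lesson concrete, here is an added example (my own illustration, not code from the reported application). It models the three-step flow with a constructed User class and an in-memory flow store; the flow token stands in for the session, and PBKDF2 stands in for has_secure_password. The insecure finish trusts the step-1 check, the fixed finish re-checks the password at the step that actually deletes.

```ruby
require "openssl"
require "securerandom"

# Constant-time byte comparison so the check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed stand-in for an application user; a Rails app would use its
# model with has_secure_password (bcrypt) instead of PBKDF2 here.
class User
  attr_reader :email
  attr_accessor :deleted

  def initialize(email, password)
    @email = email
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password)
    @deleted = false
  end

  def authenticate(password)
    secure_compare(derive(password.to_s), @digest)
  end

  private

  def derive(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 20_000, 32, "sha256")
  end
end

# Three-step deletion flow: password check, exit survey, deletion.
# Flow state lives server-side, keyed by a random token (the session, in
# a real app); the token proves only that step 1 once succeeded.
class AccountDeletionFlow
  Step = Struct.new(:user, :state)

  def initialize
    @flows = {}
  end

  # Step 1: check the password and start a flow.
  def start(user, password)
    return nil unless user.authenticate(password)
    token = SecureRandom.hex(16)
    @flows[token] = Step.new(user, :survey)
    token
  end

  # Step 2: the survey; no credential involved, only the flow token.
  def submit_survey(token, _answers)
    step = @flows[token]
    return false unless step && step.state == :survey
    step.state = :confirm
    true
  end

  # Step 3 as reported: trusts the step-1 check and deletes on the token alone.
  def finish_insecure(token)
    step = @flows[token]
    return false unless step && step.state == :confirm
    @flows.delete(token)
    step.user.deleted = true
    true
  end

  # Step 3 fixed: the destructive step re-checks the password itself.
  def finish(token, password)
    step = @flows[token]
    return false unless step && step.state == :confirm
    return false unless step.user.authenticate(password)
    @flows.delete(token)
    step.user.deleted = true
    true
  end
end
```

The same pattern applies to changing an e-mail address, disabling two-factor authentication or transferring ownership: whichever step performs the sensitive change has to verify the credential (or a short-lived confirmation issued for exactly that action) itself, instead of inferring it from an earlier step.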
Hack: An Instagram admin panel was leaked at the end of last year.
Some don’t agree with the way it was reported, but the finding itself was a hard-coded Rails secret token (from config/initializers/secret_token.rb) in a publicly accessible repository.
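The secret token is the key that signs session cookies, so whoever reads it from the repository can mint cookies the application trusts, and rotating it invalidates every existing cookie. The added example below (mine, not Instagram’s or Rails’ code) shows a simplified signer in the style of ActiveSupport::MessageVerifier using JSON instead of Marshal, a heuristic check that flags a literal token in an initializer, and the environment-variable lookup that keeps the token out of the repo. The regex and the 30-byte minimum are this example’s assumptions.

```ruby
require "openssl"
require "base64"
require "json"

# Signs and verifies cookie payloads the way ActiveSupport::MessageVerifier
# does ("payload--hexdigest"), with HMAC-SHA1 keyed by the secret token.
# JSON stands in for Rails' Marshal serialization in this example.
class CookieSigner
  def initialize(secret)
    if secret.to_s.bytesize < 30
      raise ArgumentError, "secret token must be at least 30 bytes"
    end
    @secret = secret
  end

  def generate(payload)
    encoded = Base64.strict_encode64(JSON.generate(payload))
    "#{encoded}--#{digest(encoded)}"
  end

  # Returns the payload, or nil if the signature is missing, wrong, or
  # was produced under a different secret (i.e. after a rotation).
  def verify(signed)
    encoded, signature = signed.to_s.split("--", 2)
    return nil if encoded.nil? || signature.nil?
    return nil unless secure_compare(digest(encoded), signature)
    JSON.parse(Base64.strict_decode64(encoded))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest("SHA1", @secret, data)
  end

  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Heuristic check for a literal hex token assigned in an initializer,
# e.g. config.secret_token = '0123...' (pattern assumed for this example).
HARDCODED_SECRET_TOKEN = /secret_token\s*=\s*(['"])[0-9a-f]{30,}\1/i

def hardcoded_secret_token?(initializer_source)
  !!(initializer_source =~ HARDCODED_SECRET_TOKEN)
end

# Read the token from the environment so it never enters the repository.
def secret_token_from_env(env = ENV)
  env.fetch("SECRET_TOKEN") { raise KeyError, "SECRET_TOKEN is not set" }
end
```

If a token has ever been committed, treat it as public: generate a new one, deploy it from the environment (or Rails’ secrets.yml kept out of version control), and accept that every user will be logged out. Rewriting git history does not undo the leak once a clone or fork exists.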
Development: The new Chrome developer toolbar has a security panel.
It explains the lock icon and mixed-content notifications.
Strategy check: Test your server’s response headers for the new security headers.
The new securityheaders.io includes a scoring system.
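For checking this offline or in a CI step, here is an added example of my own (not securityheaders.io’s code or scoring) that parses the header block you get from curl -sI and reports which of the usual security headers are missing, present, or set to a weak value. The header list, the weak-value rules and the 180-day HSTS threshold are this example’s choices.

```ruby
# Each check receives the header value and returns nil when it looks fine,
# or a short reason when the value is weak. Thresholds are this example's.
HEADER_CHECKS = {
  "Strict-Transport-Security" => ->(v) {
    m = v.match(/max-age=(\d+)/i)
    next "missing max-age" unless m
    m[1].to_i >= 15_552_000 ? nil : "max-age below 180 days"
  },
  "Content-Security-Policy" => ->(v) {
    v.include?("'unsafe-inline'") ? "allows 'unsafe-inline'" : nil
  },
  "X-Frame-Options" => ->(v) {
    %w[DENY SAMEORIGIN].include?(v.strip.upcase) ? nil : "expected DENY or SAMEORIGIN"
  },
  "X-Content-Type-Options" => ->(v) {
    v.strip.casecmp("nosniff").zero? ? nil : "expected nosniff"
  },
  "X-XSS-Protection" => ->(v) {
    v.strip.start_with?("1") ? nil : "expected 1; mode=block"
  }
}.freeze

# Parse the header block of an HTTP response as printed by `curl -sI`.
# Header names are lower-cased because HTTP header names are case-insensitive.
def parse_header_block(raw)
  lines = raw.split(/\r?\n/)
  lines.shift if lines.first.to_s.start_with?("HTTP/")
  lines.each_with_object({}) do |line, headers|
    name, value = line.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] = value.strip
  end
end

# Returns which headers are ok, missing, or weak, plus a simple "n/total" score.
def check_security_headers(headers)
  lower = headers.each_with_object({}) { |(k, v), h| h[k.to_s.downcase] = v.to_s }
  result = { ok: [], missing: [], weak: {} }
  HEADER_CHECKS.each do |name, check|
    value = lower[name.downcase]
    if value.nil?
      result[:missing] << name
    elsif (reason = check.call(value))
      result[:weak][name] = reason
    else
      result[:ok] << name
    end
  end
  result[:score] = "#{result[:ok].size}/#{HEADER_CHECKS.size}"
  result
end

if __FILE__ == $PROGRAM_NAME
  # Usage: curl -sI https://your-app.example | ruby check_headers.rb
  p check_security_headers(parse_header_block($stdin.read))
end
```

A Rails app sets X-Frame-Options, X-Content-Type-Options and X-XSS-Protection by default via config.action_dispatch.default_headers; Strict-Transport-Security comes from config.force_ssl, and Content-Security-Policy has to be added explicitly.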
Development: A reminder of how to use Rails strong parameters.
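As an added illustration (my code, not Rails’ ActionController::Parameters), here is a small pure-Ruby stand-in that behaves like params.require(:user).permit(:name, :email, address: [:city]): require raises when the key is absent or empty, permit keeps only the listed scalar keys and nested hashes, and everything else, such as an injected admin: true, is dropped. The strict: option that raises on unpermitted keys mirrors Rails’ action_on_unpermitted_parameters = :raise; the class and error names are this example’s.

```ruby
# Raised when `require` finds no (or an empty) value for the key.
class ParameterMissing < StandardError; end
# Raised in strict mode when the request carries keys that were not permitted.
class UnpermittedParameters < StandardError; end

# Minimal stand-in for ActionController::Parameters (this example's, not Rails').
class Params
  SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

  def initialize(hash, strict: false)
    @hash = hash.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    @strict = strict
  end

  # params.require(:user): the key must be present and non-empty.
  def require(key)
    value = @hash[key.to_s]
    if value.nil? || (value.respond_to?(:empty?) && value.empty?)
      raise ParameterMissing, "param is missing or the value is empty: #{key}"
    end
    value.is_a?(Hash) ? Params.new(value, strict: @strict) : value
  end

  # permit(:name, :email, address: [:city]): keep only listed scalars and
  # listed nested hashes; everything else (e.g. admin: true) is dropped.
  def permit(*filters)
    permitted = {}
    filters.each do |filter|
      case filter
      when Symbol, String
        key = filter.to_s
        value = @hash[key]
        permitted[key] = value if @hash.key?(key) && scalar?(value)
      when Hash
        filter.each do |key, sub_filters|
          nested = @hash[key.to_s]
          next unless nested.is_a?(Hash)
          permitted[key.to_s] = Params.new(nested, strict: @strict).permit(*sub_filters)
        end
      end
    end
    unpermitted = @hash.keys - permitted.keys
    if @strict && unpermitted.any?
      raise UnpermittedParameters, "found unpermitted parameters: #{unpermitted.join(', ')}"
    end
    permitted
  end

  private

  def scalar?(value)
    SCALARS.any? { |type| value.is_a?(type) }
  end
end
```

The mass-assignment risk it guards against is User.new(params[:user]) with whatever the client sent; the permitted hash is the only thing that should ever reach a model constructor or update call.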
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.