Rails security and strategy reading list #4

Happy 2016!

Here are a few articles from different categories that I found interesting in the past weeks. Now it also includes real-world vulnerabilities and hacks for us to learn from.

Security report: This security report reminds us to re-check passwords, IDs and similar inputs at every step when an operation spans more than one request.

In this particular case, the initial password check was followed by a small survey, and the password was not re-checked at the final step that actually deleted the user.
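As an added illustration (not code from the report or from this post), here is a plain-Ruby sketch of the two shapes of such a multi-step deletion: one that trusts a session flag set at step 1, and one that re-checks the password at the destructive step itself. All class and method names are constructed.

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for a user record (a Rails app would use has_secure_password).
class User
  attr_reader :deleted

  def initialize(password)
    @salt = SecureRandom.hex(16)
    @digest = Digest::SHA256.hexdigest(@salt + password)
    @deleted = false
  end

  # Compare without an early exit so the check does not leak via timing.
  def authenticate(password)
    candidate = Digest::SHA256.hexdigest(@salt + password.to_s)
    candidate.bytes.zip(@digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  def delete!
    @deleted = true
  end
end

# Vulnerable shape: step 1 checks the password and sets a session flag; the
# destructive step 3 trusts only that flag, so a request that reaches step 3
# with the flag set (e.g. through a hijacked or reused session) never has to
# present the password again.
class DeletionFlowTrustingFlag
  def initialize(user)
    @user = user
    @session = {}
  end

  def confirm_password(password)
    @session[:password_ok] = true if @user.authenticate(password)
    @session[:password_ok] == true
  end

  def submit_survey(reason)
    @session[:reason] = reason
  end

  def delete_account
    return false unless @session[:password_ok]
    @user.delete!
  end
end

# Hardened shape: the destructive step re-verifies the password itself, so the
# earlier check and the survey step cannot be used to skip it.
class DeletionFlowRecheckingPassword < DeletionFlowTrustingFlag
  def delete_account(password)
    return false unless @session[:password_ok] && @user.authenticate(password)
    @user.delete!
  end
end
```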

Hack: An Instagram admin panel was leaked at the end of last year

Some don’t agree with the way it was reported. But the underlying issue was a hard-coded Rails secret token (from config/initializers/secret_token.rb) committed to a publicly accessible repository.

Development: The new Chrome developer toolbar has a security panel

It explains the lock icon and mixed content notifications.

Strategy check: Test your server response headers for the new security headers

The new securityheaders.io includes a scoring system.

Development: A reminder of how to use Rails strong parameters
