Here are a few articles from different categories that I found interesting in the past weeks. Now it also includes real-world vulnerabilities and hacks for us to learn from.
Security report: This security report reminds us to re-check passwords, IDs and similar credentials at every step when an operation spans more than one step.
In this particular case, the password was checked once, the user then filled out a small survey, and the deletion step that followed did not re-check the password.
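To illustrate the pattern, here is an added Ruby example (not code from the report or from the affected application) with a constructed in-memory account store: a vulnerable flow that gates deletion on a session flag set by an earlier password check, beside a hardened version that verifies the password in the deletion request itself.

```ruby
require "openssl"
require "securerandom"
# Constructed stand-in for the app's user model: PBKDF2 password hash, soft delete.
class Account
  attr_reader :deleted
  def initialize(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password)
    @deleted = false
  end
  def password?(candidate)
    other = derive(candidate) # same length as @digest, so a byte-wise compare is safe
    # constant-time comparison: timing must not leak how many bytes matched
    @digest.bytes.zip(other.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
  def delete!
    @deleted = true
  end
  private
  def derive(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: 20_000, length: 32, hash: "sha256")
  end
end

# Vulnerable flow: step 1 checks the password and stores a flag in the session,
# step 2 is an unrelated survey, step 3 deletes while trusting only that flag. The flag
# is never cleared, so any later request reaching step 3 with the same session deletes
# the account without presenting the password again.
module VulnerableFlow
  def self.confirm_password(session, account, password)
    session[:password_confirmed] = account.password?(password)
  end
  def self.submit_survey(session, answers)
    session[:survey] = answers
  end
  def self.delete_account(session, account)
    return :denied unless session[:password_confirmed]
    account.delete!
    :deleted
  end
end

# Hardened flow: the delete request carries the password, which is verified at the
# moment of deletion regardless of what earlier steps recorded in the session.
module HardenedFlow
  def self.delete_account(account, password)
    return :denied unless account.password?(password)
    account.delete!
    :deleted
  end
end
```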
Some don’t agree with the way it was reported, but the issue itself is a hard-coded Rails secret token (from config/initializers/secret_token.rb) committed to a publicly accessible repository.
It explains the lock icon and mixed content notifications.
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.