Rails security news and reading list #5

Were you surprised too? After 10 years Rails gets a new logo and more whitespace. Also, last week I slightly revised my article about the week with a Rails security strategy and put it up on Medium. Check out these new interesting Rails security links:

Each form can get its own CSRF token in Rails 5

How to get started with a Content-Security-Policy in Rails

Start with reports only, analyze them and then move to the real thing. Here’s a great intro to CSP.

Interesting stats about gem downloads last year

Rails 4 sees 1.2M downloads/month, Rails 3 sees 200K/month, and CanCanCan dominates the authorization layer (more popular than Pundit).

Why isn’t HTTPS everywhere yet?

1) Because of the effort to set it up (but now there’s Let’s Encrypt) and 2) because of mixed content. This article describes an approach to fix the latter.
