Do you have an admin panel? Then you might be interested in my recent article @codeship: How to protect a sensitive area of your application with mutual TLS authentication. With ordinary TLS only the server proves its identity; with mutual TLS the client also authenticates itself to the server with a client certificate issued by a CA you control, so the sensitive area is unreachable without that certificate, on top of the application's own login. The full nginx web server configuration is available here.
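To illustrate the approach, here is an added nginx sketch of my own, not the configuration the article links to. It asks every client for a certificate but only enforces one for /admin, because ssl_verify_client cannot be set per location. The hostname, file paths, upstream port and the X-SSL-* header names are assumptions.

```nginx
server {
    listen 443 ssl;
    server_name example.com;                         # assumed hostname

    ssl_certificate     /etc/nginx/tls/server.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA that issues the client certificates; only certs chaining to it are accepted.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_depth 2;
    # Optional CRL so a lost laptop's certificate can be cut off without re-issuing the CA.
    # ssl_crl /etc/nginx/tls/client-ca.crl;

    # "optional" requests a client certificate in the handshake but still serves
    # clients that do not present one, so the public part of the site keeps working.
    # A certificate that is presented but does not verify still fails the handshake.
    ssl_verify_client optional;

    location /admin {
        # Enforce the certificate only here. $ssl_client_verify is SUCCESS, NONE,
        # or FAILED:<reason>. "if" with a plain "return" is one of its safe uses.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # Let the app know who the certificate belongs to (assumed header names).
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Client-S-DN   $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:3000;            # assumed Rails upstream
    }

    location / {
        # Public part: blank the same headers so a client cannot forge them.
        proxy_set_header X-SSL-Client-Verify "";
        proxy_set_header X-SSL-Client-S-DN   "";
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Test it with a browser that has the client certificate imported, or with curl --cert client.crt --key client.key https://example.com/admin; the same request without --cert should return 403. If the application reads the forwarded headers, it must only trust them on connections that come from this nginx.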
Now, what was worth reading recently:
About rel=noopener
About rel=noopener in links with target=_blank: without it, the opened page gets a reference to your page's window object (window.opener) and can use it to navigate your tab to a look-alike login page while the user reads the new one; rel=noopener removes that access.
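As an added example, not code from the linked article, the snippet below shows what the opened page can do with window.opener and a small helper that retrofits rel="noopener" onto target=_blank links in HTML you render. The helper name and the sample HTML are my own.

```javascript
// What a page opened via target=_blank can do when the link lacks rel=noopener.
// This runs in the browser, in the opened tab (shown as a comment so the file
// runs under Node): it silently redirects the *original* tab.
//
//   if (window.opener) {
//     window.opener.location = "https://login.example.invalid/"; // look-alike page
//   }
//
// The fix is rel="noopener" on the link, which makes window.opener null.

// Matches an opening <a ...> tag and captures its attribute string.
const A_TAG_RE = /<a\b([^>]*)>/gi;
// target=_blank in quoted or unquoted form.
const TARGET_BLANK_RE = /\btarget\s*=\s*(?:"_blank"|'_blank'|_blank(?=[\s>]|$))/i;
// An existing rel attribute, quoted or unquoted.
const REL_RE = /\brel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

// Adds rel="noopener" to every <a target="_blank"> that does not have it yet,
// keeping any rel values (nofollow, noreferrer, ...) that are already there.
function hardenBlankLinks(html) {
  return html.replace(A_TAG_RE, (tag, attrs) => {
    if (!TARGET_BLANK_RE.test(attrs)) return tag;   // not a new-tab link
    const m = REL_RE.exec(attrs);
    if (!m) return `<a${attrs} rel="noopener">`;    // no rel at all: append one
    const tokens = (m[1] || m[2] || m[3] || "").split(/\s+/).filter(Boolean);
    if (tokens.some((t) => t.toLowerCase() === "noopener")) return tag;
    tokens.push("noopener");
    return `<a${attrs.replace(REL_RE, `rel="${tokens.join(" ")}"`)}>`;
  });
}

// Constructed sample: one external new-tab link without protection, one internal link.
const SAMPLE_HTML =
  '<p><a href="https://partner.example" target="_blank">Partner</a> ' +
  '<a href="/account">Account</a></p>';

console.log(hardenBlankLinks(SAMPLE_HTML));
```

Use this on HTML your own templates produce; for user-supplied HTML the regex is no substitute for a real sanitizer (DOMPurify, for instance, adds rel="noopener" as part of sanitizing). Current browsers already imply noopener for target=_blank, so the explicit attribute mainly protects users on older clients.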
Let’s encrypt with a Rails app on Heroku
Remote Code Execution in all git versions (client + server) < 2.7.4: CVE-2016-2324, CVE-2016-2315
A buffer overflow in git's path handling that a crafted repository can trigger, so both clients (cloning or fetching from a malicious server) and servers (receiving a push from a malicious client) are affected. Check git --version on every machine and upgrade to 2.7.4 or later.
Vendor Security Assessment Questionnaires
The web app security questionnaire that Google uses to assess vendors
Securitychecklist.org
A basic security checklist covering all levels of the stack, with quick wins
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.