Rails security reading digest #8: Admin panel, checklists and link security

Do you have an admin panel? Then you might be interested in my recent article @codeship: How to protect a sensitive area of your application with mutual TLS authentication. That means the client also authenticates itself to the server, with a client-side certificate, so the admin area is unreachable without one even if a password leaks. The full nginx web server configuration is available here.
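An added example for the application side of that setup (it is not code from the Codeship article or its nginx configuration): a Rack middleware that only admits requests to the admin area when the TLS-terminating proxy reports a verified client certificate. It assumes a hypothetical nginx setup with `ssl_verify_client optional` and `ssl_client_certificate`, forwarding the verification result with `proxy_set_header X-SSL-Client-Verify $ssl_client_verify;` and the subject with `proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;` (nginx sets `$ssl_client_verify` to `SUCCESS`, `FAILED:<reason>` or `NONE`). The header names, the `/admin` prefix and the `mtls.client_dn` env key are my own choices.

```ruby
# Added example, not code from the Codeship article or its nginx config: a
# Rack middleware that only admits requests to the admin area when the TLS
# terminating proxy reports a verified client certificate.
#
# Assumptions (hypothetical setup, not taken from the article):
#   * nginx runs with `ssl_verify_client optional` + `ssl_client_certificate`
#     and forwards the result via
#       proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
#       proxy_set_header X-SSL-Client-S-DN   $ssl_client_s_dn;
#     ($ssl_client_verify is "SUCCESS", "FAILED:<reason>" or "NONE".)
#   * nginx always sets those two headers, so any value the client sent is
#     overwritten and cannot be spoofed, and the app is reachable only
#     through that proxy. Without both of these the check is worthless.
class RequireClientCert
  VERIFY_HEADER = "HTTP_X_SSL_CLIENT_VERIFY"
  DN_HEADER     = "HTTP_X_SSL_CLIENT_S_DN"

  def initialize(app, protected_prefix: "/admin")
    @app    = app
    @prefix = protected_prefix
  end

  def call(env)
    return @app.call(env) unless protected_path?(env["PATH_INFO"].to_s)

    if verified?(env)
      # Expose the certificate subject so the app can authorize on it.
      env["mtls.client_dn"] = env[DN_HEADER]
      @app.call(env)
    else
      [403, { "Content-Type" => "text/plain" }, ["client certificate required\n"]]
    end
  end

  private

  # Only /admin and everything below it; /administrivia is not protected.
  def protected_path?(path)
    path == @prefix || path.start_with?("#{@prefix}/")
  end

  # A DN alone is not enough: the verification result must be SUCCESS.
  def verified?(env)
    env[VERIFY_HEADER] == "SUCCESS" && !env[DN_HEADER].to_s.strip.empty?
  end
end

if __FILE__ == $0
  app = RequireClientCert.new(->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] })
  # Constructed requests, written as Rack env hashes:
  [
    { "PATH_INFO" => "/" },
    { "PATH_INFO" => "/admin" },
    { "PATH_INFO" => "/admin/users", "HTTP_X_SSL_CLIENT_VERIFY" => "FAILED:certificate has expired",
      "HTTP_X_SSL_CLIENT_S_DN" => "CN=alice" },
    { "PATH_INFO" => "/admin/users", "HTTP_X_SSL_CLIENT_VERIFY" => "SUCCESS",
      "HTTP_X_SSL_CLIENT_S_DN" => "CN=alice" },
  ].each { |env| puts "#{env['PATH_INFO']}: #{app.call(env).first}" }
end
```

In a Rails app this would be registered with `config.middleware.use RequireClientCert` in config/application.rb; the proxy-side certificate check in nginx stays the primary control, and this middleware is the second line that stops a misconfigured or bypassed proxy from silently exposing /admin.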

Now, what was worth reading recently:

About rel=noopener

On adding rel=noopener to links that use target=_blank: without it, the page opened in the new tab gets a reference to the opening tab's window object (window.opener) and can, for example, navigate the original tab to a phishing page.
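As an added example (not code from the linked article), a small lint for rendered HTML or ERB output that finds `<a target="_blank">` tags without `rel="noopener"` (or `rel="noreferrer"`, which implies noopener in browsers that do not know noopener yet) and a fixer that adds the attribute. It is regex-based on purpose so it runs with no gems; the sample markup is constructed for the example.

```ruby
# Added example, not code from the article: flag and fix target=_blank links
# that hand window.opener to the opened page. Regex-based so it needs no gems;
# it works on opening <a> tags only.
ANCHOR_TAG = /<a\b[^>]*>/i

# Return the value of attribute `name` inside an opening tag, or nil.
def tag_attr(tag, name)
  m = tag.match(/\s#{name}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  m && (m[1] || m[2] || m[3])
end

# True when the tag opens a new browsing context that keeps a reference to
# window.opener. rel=noreferrer also severs it, so it counts as safe.
def opener_leak?(tag)
  target = tag_attr(tag, "target")
  return false unless target && target.casecmp?("_blank")
  rels = tag_attr(tag, "rel").to_s.downcase.split
  !(rels.include?("noopener") || rels.include?("noreferrer"))
end

# All anchor tags in `html` that leak the opener.
def unsafe_blank_links(html)
  html.scan(ANCHOR_TAG).select { |tag| opener_leak?(tag) }
end

# Add noopener to one tag, keeping any rel values already present.
def add_noopener(tag)
  return tag unless opener_leak?(tag)
  if tag_attr(tag, "rel")
    tag.sub(/(\srel\s*=\s*)(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i) do
      "#{$1}\"noopener #{$2 || $3 || $4}\""
    end
  else
    tag.sub(/>\z/, ' rel="noopener">')
  end
end

def harden_blank_links(html)
  html.gsub(ANCHOR_TAG) { |tag| add_noopener(tag) }
end

# Constructed sample markup for the demo.
SAMPLE = <<~HTML
  <a href="https://example.com" target="_blank">leaks opener</a>
  <a href="https://example.com" target="_blank" rel="nofollow">leaks opener too</a>
  <a href="https://example.com" target="_blank" rel="noopener noreferrer">fine</a>
  <a href="/internal">fine, same tab</a>
HTML

if __FILE__ == $0
  unsafe_blank_links(SAMPLE).each { |tag| puts "unsafe: #{tag}" }
  puts harden_blank_links(SAMPLE)
end
```

In Rails views the equivalent at the source is `link_to "Docs", url, target: "_blank", rel: "noopener"`; the lint is for catching the links that were written by hand or come from user-supplied HTML.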

Let’s encrypt with a Rails app on Heroku


Remote Code Execution in all git versions (client + server) < 2.7.4: CVE-2016-2324, CVE-2016-2315

Affects both the git client and the server side; upgrade to git 2.7.4 or later.


Vendor Security Assessment Questionnaires

The web app security questionnaire that Google uses to assess vendors


Securitychecklist.org

A basic security checklist covering all levels of the stack, with quick wins you can apply right away
