- “Prevent vulnerabilities through product design”
- “Empower users to take action through a meaningful feedback UI”
- “Any defense can be defeated – use defense in depth with multiple layers of protection”
- “Detection systems are imperfect – implement catch-up mechanisms”
- “Make it hard for attackers to understand your defenses”
- “Implement an emergency system” as a last resort
Set up Let’s Encrypt, nginx and security headers
XSS from ad networks on a security researcher’s blog
Rails sends the recommended setting by default, but it is still an interesting read.