Ah yes, two new Rails security vulnerabilities last week. I guess you already updated Rails, right? Good, so on to this week’s interesting web app security reads:
Death by copy/paste
Are we copying too many security solutions without really understanding them?
CloudFlare, We Have A Problem
An opinion piece on CloudFlare: it argues that CloudFlare offers no real DDoS mitigation and that terminating TLS at its edge breaks the end-to-end TLS model.
Testing the HSTS preload process
How long does it take to get onto the HSTS preload list ("I want this site to always be HTTPS, even for the very first request")? About 8 days, it seems.
Malware in the browser: how you might get hacked by a Chrome extension
Hiding secrets in a Vault
Secrets in configuration files can be stored in Vault instead.
stronger_parameters
An extension of Rails' strong_parameters that adds type checking and type conversion for permitted parameters.
PS: Do you know anybody who might benefit from this kind of post? Please share it with them.