Interesting Rails and web application security reads #15

Ah yes, two new Rails security vulnerabilities last week. I guess you already updated Rails, right? Good, so on to this week’s interesting web app security reads:

Death by copy/paste

Are we copying too many security solutions without really understanding them?

CloudFlare, We Have A Problem

Opinion on CloudFlare: No real DDoS mitigation and breaking the TLS model.

Testing the HSTS preload process

How long does it take to get on the HSTS preload list („I want this site to be always HTTPS, also for the very first request“)? About 8 days it seems.

Malware in the browser: how you might get hacked by a Chrome extension

Hiding secrets in a Vault

Secrets in the configuration: Can be stored in Vault.


This is an extension of strong_parameters with added type checking and conversion.

PS: Do you know anybody who might benefit from this kind of posts? Please share it with them.

Like this kind of articles?

Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.

Unsubscribe at any time. Powered by ConvertKit