For the first time, this issue includes important security updates for Rails’ friends. I’ll include products that we use alongside Rails, for example nginx, MySQL, Redis. Products that have an automatic updater aren’t worth mentioning. Let’s get started with this week’s interesting (Rails) security articles:
An introduction to Rack::Attack and how to throttle requests.
HTTP Public Key Pinning went wrong for a major site.
If you’re interested in the security internals of browsers, this will be for you. So this is how Firefox now centralizes all content security checks.
A central place for all kinds of security checks: TLS, HTTP security headers, HSTS configuration.