(Rails) security reading list and updates #19

This issue includes for the first time important security updates for Rails’ friends. I’ll include products that we use alongside Rails, for example nginx, Mysql, Redis. Products that have an automatic updater aren’t worth mentioning. Let’s get started with this weeks interesting (Rails) security articles:

Distrusting New WoSign and StartCom Certificates


Email Security – SPF


Protecting from XSS with Rails’ sanitize()

A video introduction to Rails’ sanitize(). While you might already know it, he also looks at how it’s useful against Javascript links in user profiles.

Rails API – throttling with Rack::Attack

An introduction to Rack::Attack and how to throttle requests.

How to quickly audit a Linux system from the command line


Be afraid of HTTP Public Key Pinning (HPKP)

Http Public Key Pinning went wrong for a major site.

Enforcing content security by default within Firefox

If you’re interested in the security internals of browsers, this will be for you. So this is how Firefox now centralizes all content security checks.

Observatory by Mozilla

A central place for all kinds of security checks: TLS, HTTP security headers, HSTS configuration.

Important security updates

[Gitlab] There were several important security update in the past for Gitlab.


[Mysql] Several critical security updates in a massive “Oracle Critical Patch Update Advisory”


[Memcached] Very critical vulnerabilities that allow for remote code execution

Like this kind of articles?

click reference Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.

Unsubscribe at any time. Powered by ConvertKit