Rails security reading list, vulnerabilities and browser news (🎆 edition)

Welcome! In 2017 we again want to find the right mix of security information, vulnerabilities in Rails’ friends and browser news. Let’s see what was interesting this week:

Several ‘exotic’ security HTTP headers tested

Saves you the time of trying out all the configuration options yourself.

Invisible Captcha: Spam protection gem

It’s based on the honeypot strategy: a hidden form field that real users never see, so if the invisible field comes back filled in, you know the submission is from a spam bot.

Another Rails security checklist
CSRF vulnerability in rails_admin gem
Tool to detect TLS/SSL vulnerabilities and versions

This is probably only useful if you can’t use the Qualys SSL Server Test, for example in a restricted environment.

Version handling differences between RubyGems and npm

If you’re using both Node and Ruby, you might find this guide interesting.

New Content-Security-Policy (CSP) directive require-sri-for coming to Chrome

Subresource Integrity (SRI) is a mechanism by which user agents verify that fetched scripts and stylesheets have been delivered without manipulation. This CSP directive lets developers require SRI for certain types of resources, so a script or style tag without a valid integrity attribute is blocked.
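As an added example (not code from the original post, Chrome or the CSP spec), here is how the SRI integrity value is computed, how a user agent checks it, and the header that makes it mandatory; the script body, URL and header value are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample script body; a real one would be the file you serve.
SCRIPT_BODY = b"console.log('hello from app.js');\n"
ALLOWED_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return SRI integrity metadata for body: '<algo>-<base64 digest>'."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError("SRI only allows sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Emit the <script> tag a page would ship for a cross-origin resource."""
    # crossorigin is required so the browser may read the response and hash it.
    return (f'<script src="{src}" integrity="{sri_hash(body)}" '
            f'crossorigin="anonymous"></script>')


def csp_header() -> str:
    """The directive from the article: refuse scripts/styles lacking SRI."""
    return "Content-Security-Policy: require-sri-for script style"


def integrity_matches(integrity: str, body: bytes) -> bool:
    """Mimic the user-agent check: any listed token that matches the
    fetched bytes is enough; a tampered body matches none of them."""
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo in ALLOWED_ALGOS and sri_hash(body, algo) == token:
            return True
    return False


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/app.js", SCRIPT_BODY)  # constructed URL
    print(csp_header())
    print(tag)
    print("untampered ok:", integrity_matches(sri_hash(SCRIPT_BODY), SCRIPT_BODY))
    print("tampered ok:", integrity_matches(sri_hash(SCRIPT_BODY), SCRIPT_BODY + b"x"))
```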

Important security updates

[ImageMagick] Critical buffer overflow vulnerability in versions before 7.0.2-7.
Earlier versions also had several other memory-safety problems.
