Safer debugging, postmortem and security reading list #22

Lots of web application security articles last week again. So here are the most interesting ones.

  • Phillip shares a way to color-code the Pry console in a production environment. He always has two debugging consoles open side by side, one in production and one in development. You know what can happen.
  • A good example of a postmortem for the GitLab disaster, including the issue tickets. Similar steps might be needed after a security incident.
  • The Mozilla Security Bytes podcast starts with an episode on the Content-Security-Policy.
  • If you’re using Docker, there are now Docker secrets.
  • And did you ever write a commit message “remove password”? You’re not alone. Don’t use it again, it might be a public repository.

Security updates

These friends of Rails saw security updates last week:

  • Jenkins released new versions after fixing several security issues, including a high one.
