Rails and web security digest ⚡ #23

CodeBuild, Brakeman, and CodePipeline

http://pebama.cz/940-dtcz63469-gay-seznamka-novosedlice.html How to set up AWS CodeBuild (a CI server) to run brakeman

---

Login/logout CSRF: Time to reconsider?

https://www.haburda.blog/4657-dte48562-houston-texas-speed-dating.html Login/logout CSRF: Time to make them non­-GET routes (you probably have already)

---

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

---

Content-Security-Policy Hackerone bypass

---

Check the popularity, maintenance and maturity of gems before using

---

Validation, Database Constraint, or Both?

---

Corona Vulnerabilities

Update jQuery UI to 1.12.0