Rails and web security digest ⚡ #23

CodeBuild, Brakeman, and CodePipeline

http://nmch.org.uk/?wordfence_lh=1 How to set up AWS CodeBuild (a CI server) to run brakeman

---

Login/logout CSRF: Time to reconsider?

http://cd13ffme.fr/31200-dtf62452-wannonce-rencontre-idf.html Login/logout CSRF: Time to make them non­-GET routes (you probably have already)

---

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

---

Content-Security-Policy Hackerone bypass

---

Check the popularity, maintenance and maturity of gems before using

---

Validation, Database Constraint, or Both?

---

More Bonuses Vulnerabilities

Update jQuery UI to 1.12.0