Rails and web security digest ⚡ #23

CodeBuild, Brakeman, and CodePipeline

How to set up AWS CodeBuild (a CI server) to run brakeman

---

Login/logout CSRF: Time to reconsider?

Login/logout CSRF: Time to make them non­-GET routes (you probably have already)

---

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

---

Content-Security-Policy Hackerone bypass

---

Check the popularity, maintenance and maturity of gems before using

---

Validation, Database Constraint, or Both?

---

Vulnerabilities

Update jQuery UI to 1.12.0