Ruby on Rails Security Project

Hand-picked Rails security resources


Rails and web security digest ⚡ #23

Filed under Updates

CodeBuild, Brakeman, and CodePipeline

How to set up AWS CodeBuild (AWS's hosted CI build service) to run Brakeman


Login/logout CSRF: Time to reconsider?

Login/logout CSRF: Time to make them non-GET routes (you probably have already)
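The point behind that link, shown as an added example that is not code from the digest or from the linked article: Rails' protect_from_forgery only verifies the CSRF token on non-GET/HEAD requests, so a login or logout action reachable by GET can be triggered by any cross-site image tag or link carrying the victim's cookies. The snippet below is a plain-Ruby model of that check (no Rails dependency); the route tables LEGACY_ROUTES and HARDENED_ROUTES, the dispatch helper and the attacker simulation are constructed for the demonstration and are not Rails API.

```ruby
# Added example: why a login/logout route on GET is forgeable while the same
# action on POST/DELETE is covered by CSRF token verification.
require "securerandom"

# Rails skips CSRF token verification for these "safe" verbs.
SAFE_VERBS = %w[GET HEAD].freeze

# Constructed route tables: [verb, path] => action.
# The legacy table exposes session changes over GET; the hardened one does not.
LEGACY_ROUTES = {
  ["GET", "/login"]  => :create_session,
  ["GET", "/logout"] => :destroy_session,
}.freeze

HARDENED_ROUTES = {
  ["POST", "/login"]    => :create_session,
  ["DELETE", "/logout"] => :destroy_session,
}.freeze

# Constant-time comparison so the token check does not leak via timing.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mirrors the shape of Rails' verified_request?: safe verbs pass without a
# token, every other verb needs the submitted token to match the session's.
def verified_request?(verb, session_token, submitted_token)
  SAFE_VERBS.include?(verb) || secure_equal?(session_token, submitted_token)
end

# Dispatch one request against a route table.
# Returns the action taken, :forbidden (token check failed) or :not_found.
def dispatch(routes, verb:, path:, session_token:, submitted_token: nil)
  action = routes[[verb, path]]
  return :not_found unless action
  return :forbidden unless verified_request?(verb, session_token, submitted_token)
  action
end

# What an attacker-controlled page can do: make the victim's browser send a
# GET (img tag, link, redirect) with the victim's cookies attached. It cannot
# read the victim's CSRF token and cannot issue DELETE from a plain tag.
# Returns true if the attacker manages to log the victim out.
def forged_logout_succeeds?(routes)
  victim_session_token = SecureRandom.hex(16)
  result = dispatch(routes, verb: "GET", path: "/logout",
                    session_token: victim_session_token, submitted_token: nil)
  result == :destroy_session
end

# The site's own logout button: a form carrying the session's token, sent with
# the verb the route expects.
def legitimate_logout_succeeds?(routes, verb)
  token = SecureRandom.hex(16)
  dispatch(routes, verb: verb, path: "/logout",
           session_token: token, submitted_token: token) == :destroy_session
end

if __FILE__ == $PROGRAM_NAME
  puts "forged GET /logout, legacy routes:   #{forged_logout_succeeds?(LEGACY_ROUTES)}"
  puts "forged GET /logout, hardened routes: #{forged_logout_succeeds?(HARDENED_ROUTES)}"
  puts "DELETE /logout with token, hardened: #{legitimate_logout_succeeds?(HARDENED_ROUTES, 'DELETE')}"
end
```

The same reasoning applies to login CSRF: a GET /login?user=...&password=... lets an attacker silently sign the victim into an attacker-owned account, and moving the route to POST puts it under the token check. Changing the verb is only half the fix in a real app; the corresponding links in views have to become forms or button_to helpers that submit the token.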


Rails gems vulnerable to CSRF show that vulnerability disclosure in open-source projects needs a re-think


Content-Security-Policy Hackerone bypass


Check the popularity, maintenance and maturity of gems before using them


Validation, Database Constraint, or Both?


Vulnerabilities

Update jQuery UI to 1.12.0


Written by Updates



Hand-picked quality Rails security resources © 2006-today by bauland42 (relaunch in 2015)