Rails and web security digest ⚡ #23

Filed under Updates

CodeBuild, Brakeman, and CodePipeline

http://nmch.org.uk/?wordfence_lh=1 How to set up AWS CodeBuild (a CI server) to run brakeman

Login/logout CSRF: Time to reconsider?

https://www.nickelmania.com/1141-dte75361-new-totally-free-dating-sites-in-the-usa-2019.html Login/logout CSRF: Time to make them non-GET routes (you probably have already)

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

Content-Security-Policy Hackerone bypass

Check the popularity, maintenance and maturity of gems before using

Validation, Database Constraint, or Both?

More Bonuses Vulnerabilities

Update jQuery UI to 1.12.0