Safer debugging, postmortem and security reading list #22
Lots of web application security articles last week again. So here are the most interesting ones.
- Phillip shares a way to color-code the Pry console in a production environment. He always has two debugging consoles open side by side, one in production and one in development. You know what can happen.
- A good example of a postmortem for the GitLab disaster, including the issue tickets. Similar steps might be needed after a security incident.
- The Mozilla Security Bytes podcast starts with an episode on the Content-Security-Policy header.
- If you’re using Docker, there are now Docker secrets.
- And did you ever write a commit message “remove password”? You’re not alone. Don’t use it again, it might be a public repository.
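To illustrate the color-coded console idea from the first item, here is an added `.pryrc`-style example (not code from the post or from Phillip's article): the prompt is built from the Rails environment so a production session is visibly red. The `Pry::Prompt` call at the end is an assumption about the Pry 0.13+ API and only runs when Pry is loaded; `env_prompt` itself is plain Ruby.

```ruby
# Added example: colour the Pry prompt by environment so that a production
# console cannot be mistaken for a development one sitting next to it.
ANSI = { red: "\e[31m", green: "\e[32m", yellow: "\e[33m", reset: "\e[0m" }.freeze

# Map an environment name to a colour and a short label (assumed mapping).
def env_style(env)
  case env.to_s
  when "production" then [:red, "PROD"]
  when "staging"    then [:yellow, "STAGING"]
  else                   [:green, env.to_s.upcase]
  end
end

# Build the prompt text for one input line.
#   env     - environment name, e.g. Rails.env
#   context - what Pry shows as the current object, e.g. "main"
#   waiting - true for a fresh line, false for a continuation line
def env_prompt(env, context, waiting: true)
  colour, label = env_style(env)
  sep = waiting ? ">" : "*"
  "#{ANSI[colour]}[#{label}]#{ANSI[:reset]} #{context}#{sep} "
end

# Use Rails.env when Rails is loaded, otherwise fall back to the usual variables.
def current_env
  return Rails.env.to_s if defined?(Rails) && Rails.respond_to?(:env)
  ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"
end

# Assumption: Pry >= 0.13 prompt API; skipped entirely when Pry is not loaded.
if defined?(Pry) && defined?(Pry::Prompt)
  procs = [true, false].map do |waiting|
    proc { |context, _nesting, _pry, _sep| env_prompt(current_env, Pry.view_clip(context), waiting: waiting) }
  end
  Pry.config.prompt = Pry::Prompt.new("env", "Prompt coloured by Rails environment", procs)
end
```

Drop the file into `~/.pryrc` (or the project's `.pryrc`) and a production console prompt reads `[PROD] main>` in red.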
Security updates
These friends of Rails saw security updates last week:
- Jenkins released new versions after fixing several security issues, including a high-severity one.