Rails configuration for more security

A guide to a week with a Rails security strategy

This includes a 5-page guide on how to form the habits and a plan for each day for you to follow.

Brakeman: Static code vulnerability scanner for Rails

Analyzes the source code and reports known security vulnerabilities

HttpOnly cookies in Rails

Why and how, for session and normal cookies

New Rails security HTTP headers

Some are sent by default in Rails now

Rack::Attack: Rate limits against DDoS and abusive users

Track and throttle requests

RubyGems security

Keep your gems and RubyGems sources safe

Secure configuration of Rails applications

Store secrets in environment variables, and secure and manage them