Ruby on Rails security by bauland42

I just want to know whether it's secure or not

You know security is an important topic, but sometimes getting That Feature ready is just more important. Use the power of habits and strategies to constantly improve.

More info
Many facets of security

Habits are used by many successful and busy people to make big improvements

But before you jump into checking for updates every day, we'll also need an overall approach. Security has many facets. Use habits to constantly improve these facets in no time:

Learning

So we don't introduce new vulnerabilities or keep repeating insecure patterns.

Keeping up

with new attacks and software updates for Rails, gems and on the server.

Being prepared for the worst case scenario.
Knowing what your users are doing.
Hardening security like it's 2024.
About

Hey, I'm Heiko Webers, and I have one goal

…Make your Rails application more secure than it was before you found me. You already put in a lot of thought to keep your Rails application secure. You subscribed to the Rails security updates, you read the Rails security guide and plenty of posts. However, sometimes security feels like a mystery and firefighting.

This site is about an overall Rails security strategy that will help you understanding what is secure and what not.
Learn more
Customer comments (security is a sensitive topic, 90% choose not to disclose)

  • Trackman Up customer

    I save so much time because the CSO service
    Trackman Up takes care of security.

  • Tolingo

    The professional audit by bauland42 just made
    our applications much more secure.
Guides & Articles

These Rails security guides and articles are available:

Rails Content-Security-Policy Admin panel mutual TLS authentication
A strategy for a Rails Content Security Policy

A strategy for a Rails Content Security Policy

A Rails Content Security Policy (CSP) is a great way to reduce or completely remove Cross Site Scripting (XSS) vulnerabilities.

Strategy before details: Keep up with Rails security; new guide

Strategy before details: Keep up with Rails security; new guide

This helps you create a system to keep up with Rails web app security even in busy times. Full guide.

A week with a Rails Security Strategy

A week with a Rails Security Strategy

A set of mini habits every workday to achieve a little progress in all the different aspects of security.

Products

Here are a few things that I can offer you

  • Ruby on Rails security audit

    The bestseller for the last 10 years: A security check targeted at Rails applications. The outcome is an actionable report with findings and how to fix them. This manual Rails security audit usually reveals 2 high-priority vulnerabilities. 90% of these were not found by automatic test tools.

  • Trackman Up

    A monthly service that adapts your Rails application security to the future by focusing on the long-term success of the app and your dev team. More information

  • Trackman Up Express

    The little sister of Trackman Up. This is a one-off step-by-step strategy guide to level up all facets of security yourself. It includes a short audit of your application to find quick wins. E-mail me for more information.

  • Rails Security Strategy

    The complete Rails guide to developing a security strategy for busy lead architects. Get it here

  • Rails Security Newsletter

    I write about how to develop a Rails Security Strategy, how to classify new attacks and how to stay secure sustainably. Not so much about firefighting and fiddly details. You can sign up here, if you’d like. There's another newsletter over at the Rails security project.

  • Rails Security Project

    Ruby on Rails security website since 2007. All in one place: Updated guides about a growing number of Ruby on Rails security topics and all your questions answered.

  • About
  • I'm a web application security specialist, author of the Rails Security Guide and micropreneur living in the golden city. Get in touch or read more about this site.

  •