You know security is an important topic, but sometimes getting That Feature ready is just more important. Use the power of habits and strategies to constantly improve.More info
But before you jump into checking for updates every day, we'll also need an overall approach. Security has many facets. Use habits to constantly improve these facets in no time:
So we don't introduce new vulnerabilities or keep repeating insecure patterns.
with new attacks and software updates for Rails, gems and on the server.
…Make your Rails application more secure than it was before you found me. You already put in a lot of thought to keep your Rails application secure. You subscribed to the Rails security updates, you read the Rails security guide and plenty of posts. However, sometimes security feels like a mystery and firefighting.
Trackman Up customerI save so much time because the CSO service
TolingoThe professional audit by bauland42 just made
These Rails security guides and articles are available:Rails Content-Security-Policy Admin panel mutual TLS authentication
A strategy for a Rails Content Security Policy
A Rails Content Security Policy (CSP) is a great way to reduce or completely remove Cross Site Scripting (XSS) vulnerabilities.
Strategy before details: Keep up with Rails security; new guide
This helps you create a system to keep up with Rails web app security even in busy times. Full guide.
A week with a Rails Security Strategy
A set of mini habits every workday to achieve a little progress in all the different aspects of security.
Actionable articles on how to develop a Rails security strategy
The bestseller for the last 10 years: A security check targeted at Rails applications. The outcome is an actionable report with findings and how to fix them. This manual Rails security audit usually reveals 2 high-priority vulnerabilities. 90% of these were not found by automatic test tools.
A monthly service that adapts your Rails application security to the future by focusing on the long-term success of the app and your dev team. More information
The little sister of Trackman Up. This is a one-off step-by-step strategy guide to level up all facets of security yourself. It includes a short audit of your application to find quick wins. E-mail me for more information.
The complete Rails guide to developing a security strategy for busy lead architects. Get it here
I write about how to develop a Rails Security Strategy, how to classify new attacks and how to stay secure sustainably. Not so much about firefighting and fiddly details. You can sign up here, if you’d like. There's another newsletter over at the Rails security project.
Ruby on Rails security website since 2007. All in one place: Updated guides about a growing number of Ruby on Rails security topics and all your questions answered.