My goal is to make your Rails application more secure

You've come to the right place if you’re looking for actionable articles on the bigger (security) picture and advanced Rails security.

Oh hey, I’m Heiko Webers, the original author of the official Rails security guide. Subscribe to my newsletter to not miss such articles that I publish here and elsewhere.

Security has many facets and I’d like to cover all of them:

Learning so we don’t introduce new vulnerabilities: The newsletter over at the Rails security project keeps you posted about new Rails and web application security articles. Here’s an example.
Keeping up with new attacks and Rails, gem and software updates. Subscribe to the official Rails security newsletters and check out this to look for security updates in your gems.
Being prepared for the worst-case scenario: Check out the week with a Rails security strategy to get that started.
Knowing what your users are doing: Coming soon
Hardening security with modern means. Everyone’s favorite topic, here are the most popular articles:

The end of XSS? Develop your Rails Content-Security Policy
New Rails security HTTP headers and rate limiting
Mutual TLS authentication for admin panels
Trackman Up, a monthly service that adapts your Rails application security to the future

About
I'm a web application security specialist, author of the Rails Security Guide and micropreneur living in the golden city. Get in touch or read more about this site.

My goal is to make your Rails application more secure

Security has many facets and I’d like to cover all of them:

About

Products

Guides

Legal