Rails Security
June 6, 2018
Here are two quick wins for security that will help you sleep better at night:
If you are running Rails 5.2 or higher, chances are you are already using the new Content-Security-Policy feature for Cross-Site-Scripting (XSS) protection, it just needs configuring. The Rack-attack gem for throttling spammy clients, and preventing brute-force login attacks. Both of these are quick to get started with, but will benefit from monitoring and fine tuning.
...
Read more