Pick of the Day

New Rails security HTTP headers

Some are sent by default in Rails now



Newest Resources

Cross-Site Request Forgery and Rails

CSRF explained and all related questions answered

Secure configuration of Rails applications

Store secrets in environment variables, secure and manage them

Command injection in Rails

Injecting command line parameters or entire Unix commands

HTML-safe, ActiveSupport::SafeBuffer explained

How exactly does Rails’ XSS protection work?

XSS protection in Haml templates

Haml templates support Rails’ XSS protection
