Pick of the Day

A Content Security Policy (CSP) strategy

CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).

Rails Security Topics

More topics to come soon. Subscribe to the newsletter to hear about it first.

Newest Resources

Ruby method and class injection

A class name in user input: Anything can happen.

Excel Injection via Rails downloads

A = in a name could make Excel run macros.

Rails SQL Injection with LIKE

Injection with % in SQL LIKE is common and may lead to long queries.

CSS Injection in Rails

Can CSS from the user do any harm?

A Content Security Policy (CSP) strategy

CSP is a great way to reduce or completely remove the number 1 web app security vulnerability – Cross-Site Scripting (XSS).
