Talking head
RailsConf RailsConf2018

This presentation, by Justin Collins, is licensed under a Creative Commons Attribution ShareAlike 3.0 license.

Rails has a reputation for being secure by default, but how deserved is that reputation? Let's take a look back at some of the low points in Rails security history: from the first Rails CVE, to the controversial GitHub mass assignment, the 2013 Rails apocalypse, and more recent remote code execution issues. Then we'll cheer ourselves up with the many cool security features Rails has added over the years! We'll cover auto-escaping, strong parameters, default security headers, secret storage, and less well-known features like per-form CSRF tokens and upcoming Content Security Policy support.
