Issues: eliotsykes/rails-security-checklist
#88 Enforce email encryption: use enable_starttls not enable_starttls_auto (opened Dec 13, 2024 by eliotsykes)
#82 Consider setting config.active_storage.draw_routes = false in production, if not used (opened Mar 23, 2022 by eliotsykes)
#81 On logout, sessions should be invalidated to mitigate stolen cookie attacks (opened Jan 26, 2022 by eliotsykes)
#76 Always use Bundler source blocks to ensure private gems come from correct source (opened Feb 19, 2021 by eliotsykes)
#74 Calendar recurring review of Stripe (et al.) plans, coupons to retire if no longer needed (opened Nov 9, 2020 by eliotsykes)
#69 Heroku's router logs sensitive query strings (no mitigation yet) (opened Aug 13, 2020 by eliotsykes)
#68 Devise registerable module may allow attackers to register themselves as staff/admins (opened Aug 11, 2020 by eliotsykes)