SAAS Security Blog
News and resources for development, web application security and cryptography.
Ultimate Guide to Rack::Attack
Learn how to get the most out of Rack::Attack to protect your Rails Application.
By Mike Rogers - Tuesday, May 4, 2021
Archives
- Ultimate Guide to Rack::Attack
- How To Setup Your Development Environment for Ruby on Rails in 2021
- 'You can't use Brotli for dynamic content'
- 5700 upvotes later: be careful about crypto advice from Reddit.
- A no-bull technical guide to EV HTTPS
- An nginx config for 2017
- Break the web.
- CERT COMMON NAME INVALID doesn't mean what you think it does
- Chrome's 'Secure' indicator was designed to make users proceed on any HTTPS site
- Do EV certificates provide better encryption than non-EV certificates?
- Domain validated HTTPS certs issued for google.com.mg and google.com.im
- Domain validated HTTPS will soon be free from the large CAs
- ECC is faster and more secure than RSA. Here's where you (still) can't use it.
- ES2017's async/await is the best thing to ever happen to JavaScript
- EV SSL in the Fortune 500
- Edge uses a hollow gray lock for domain validated SSL
- Encryption Everywhere: Symantec announce free DV certs via partners.
- ExpeditedWAF pricing changes and upgrade to unlimited HTTP requests
- HAProxy in 2018
- HTTPS provides more than just privacy
- HTTPS tools we wish we'd known about earlier
- How to diagnose and troubleshoot JavaScript async/await issues
- How to flatten an existing JavaScript codebase
- How to get A+ on the SSL Labs test in node.js
- Implementing Mozilla's recommended cipher suites and TLS/SSL versions on node & npm
- It's happened: current Chrome is warning users about insecure pages
- Never see localhost HTTPS warnings again
- Onion TLS/SSL certificate updates
- Practical Prevention of Web Shenanigans With Content Security Policy
- Product Development for Non Us Markets
- SSL 'site seals' are even worse than you thought
- Safe ECC curves for HTTPS are coming sooner than you think
- Single Multi Domain Https Certificates Are the Same Thing
- So you're making an RSA key for an HTTPS certificate. What key size do you use?
- Strange things are afoot with Symantec's search results injection
- Symantec stopped upselling IE5 support in 2015
- The ultimate guide to deploying your node app on Linux
- Unix things web developers often struggle with - and how to fix them
- We're recreating the Unix Rosetta Stone for 2015
- What Is Certificate Pinning?
- What web developers should know about HTTPS but probably don't.
- Who your browser trusts, and how to control it.
- Why can't I get a wildcard EV certificate?
- Why people who know better still say 'SSL'. And 'hoverboard'.
- Why there's junk in your whois results, and how you can get rid of it
- Why we don't sell domain validated HTTPS certificates
- Why you're always at least two steps down your HTTPS certificate chain
- Why your A grade SSL is 'outdated cryptography' on Chrome
- Wireshark 2 is the simplest way to inspect HTTPS on your Mac
- You won't remember the options for OpenSSL, so here's bash shortcuts for everything.
- Your OpenSSL CSR command is out of date
- node.js v4 gets an A+ for SSL Labs with no configuration