Rails Security Strategy Support Edition (Downloadable Guide)

This is the "support edition" of the Rails Security Strategy, choose your own price here. Thank you very much.

Do you find it hard keeping up with Rails security?

You’re a busy developer, and you don’t have endless time for researching security. Making sense of the important security vulnerabilities can waste days or even weeks.

There are a lot of details out there, but not many solutions. Plenty of guides give you some bits and pieces of what to do, but leave out the most important thing — how to develop a whole security strategy.

What if you could move away from the firefighting and fiddling and create your own security strategy?

This guide

• respects your time.
  
• shows you how to maintain your security even when you and your team are busy.
  
• will help you manage the big picture by making informed decisions.
  

It will cover the following topics:

• Manual work is boring, automation is king, but in security both are needed to fix vulnerabilities.
  
• SSL/TLS security needs to be maintained too, and while you’re at it, make sure it’s always used.
  
• Emergencies happen, when they do you won’t have time to create a strategy for it anymore.
  
• Some people will test your security, make sure they’ll tell you about it first.
  
• Processes sound boring, but they will keep your software up to date.
  
• You don’t necessarily need a security expert. Your team can do their own code reviews and audits. Start small to increase quality and security.
  
• How to keep your codebase, your code repository organization and deployments secure.
  
• Cross-Site Scripting (XSS) can happen easily, so develop a Content Security Policy for your safety net.
  
• Your Rails 4 app prevents Content Sniffing and clickjacking, so you should know what it is.
  
• The security of APIs is very different, so learn how to get it right.
  
• Plus: Your work environment, habits and productivity.
  

If you are:

• an experienced Rails developer, but you find it hard to keep up
  
• a lead developer and your team generally keeps the app secure enough, but sometimes you feel there should be a system for how to keep up with security
  
• a new Rails developer and need some guidance where to start
  

this guide is for you.

If you're not convinced that this will help you, read this introduction: A week with a Rails Security Strategy.

If you’re not completely satisfied, I have a 30 day money-back guarantee.