1. Switching from ENV files to Rails Credentials

    A little bit of my struggles with ENV files throughout the years, and hopefully a better solution.

    Marina Joranhezon

  2. Security: Start today

    Simple actions can make a big difference in Security. What can we do today to make our lives safer?

    Matheus Richard

  3. Why remove user tracking?

    Individual tracking has been removed from thoughtbot.com. Learn more about why and how we made this change.

    Chad Pytel and Lindsey Christensen

  4. New online workshop: Protect your Rails app against security threats during COVID-19

    Join us as we discuss the rise of security threats during COVID-19, and how upgrading your Rails application can protect your business and users.

    Daniel Colson

  5. Web Security During the COVID-19 Pandemic

    The COVID-19 pandemic has brought with it an increase in cyber threats, but we can fight back by being more thoughtful about web security.

    Daniel Colson

  6. Protecting User Data in HIPAA Compliant Staging Environments

    How to populate your staging environment with data while keeping user data secure.

    Sweta Sanghavi

  7. Health Tech, HIPAA, and Humans

    A brief introduction to HIPAA compliance for developers in health technology.

    Mike Wenger and Sarah Cassidy

  8. Is Your Site Leaking Password Reset Links?

    Emailed password reset links are a common part of web applications. Is your site leaking these confidential links to third party sites?

    Derek Prior

  9. Paperclip IS vulnerable to ImageTragick

    Paperclip is affected by CVE-2016–3714 if used with ImageMagick 7.0.1-0 or earlier.

    Tute Costa

  10. ImageMagick vulnerability does not affect Paperclip

    There is no need to upgrade Paperclip in light of CVE-2016–3714. You may choose to upgrade ImageMagick regardless.

    Tute Costa

Sign up to receive a weekly recap from thoughtbot