Security - Giant Robots Smashing Into Other Giant Robots

- All Topics
- Design
- Development
- Product
- More topics
Cybersecurity Basics: We're Cyber Essentials Recertified in 2025 (How You Can Do It Too)

Learn how and why we earned Cyber Essentials recertification—and how your team can meet this cybersecurity baseline too.
Stephanie Kuroda
June 25, 2025
- Values
- Ethics
- Continuous Improvement
- Team
- Operations
- Security
Prevent logging sensitive information in Rails, and beyond

The Rails defaults are a good foundation, but it’s still your responsibility to filter sensitive information from logs when using external APIs, services, and tools.
Steve Polito
June 10, 2025
- Rails
- Web
- Security
This week in #dev (Jan 24, 2025)

Avoiding ReDoS attacks, using Active Resource in modern Rails, and how to improve flaky tests with Playwright.
thoughtbot
February 3, 2025
- This Week In Dev
- TIL
- Security
- Testing
- Rails
Why should I avoid regular expressions?

Regular expressions are wondrous, but they’re ill-suited for many tasks; parsers are often more reliable.
Summer ☀️
December 13, 2024
- Regex
- Ruby
- Security
- Web
Use Inline Email Attachments for Images

In outgoing email messages, include images as inline attachments instead of as external images for privacy, resilience, and security.
Summer ☀️
March 14, 2024
- Action Mailer
- Rails
- Email
- Images
- Web
- Privacy
- Security
Rails advanced routing constraints

Learn how to authorize requests at the routing layer to improve security and ergonomics.
Steve Polito
January 25, 2024
- Rails
- Ruby
- Web
- Security
- Routes
This week in #dev (Aug 4, 2023)

A guide on web security, DeMorgan Laws, force-pushing without losing your work, and more!
thoughtbot
August 16, 2023
- This Week In Dev
- Rails
- Ruby
- Git
- TIL
- Tip
- Security
- Performance
- Mathematics
Are you absolutely sure your Rails caching strategy isn't leaking sensitive information?

Rails writes a new cache entry based on the first request. But what happens when that request is from an admin?
Steve Polito
July 26, 2023
- Rails
- Ruby
- Web
- Security
This week in #dev (Jul 14, 2023)

Lots of Active Record goodies, VS Code features, and a Heroku CLI extension.
thoughtbot
July 25, 2023
- This Week In Dev
- Rails
- Vs Code
- Security
- Heroku
Switching from ENV files to Rails Credentials

A little bit of my struggles with ENV files throughout the years, and hopefully a better solution.
Marina Joranhezon
March 29, 2022
Sign up to receive a weekly recap from thoughtbot

Your email address

Looking for even more ways to stay connected?

Check out our feeds

Sign up to receive a weekly recap from thoughtbot