Security

10 May 2019

Nonce-based Content Security Policy (CSP) in Rails

Introduction During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails

Edward Qiu

Engineering ( 23 )

Diversity Inclusion ( 10 )

Programming ( 8 )

Gusto ( 7 )

Collaboration ( 5 )

Best Practice ( 5 )

Ruby On Rails ( 4 )

Product Management ( 3 )

Startups ( 3 )

Tidying ( 3 )

React ( 2 )

Javascript ( 2 )

PM ( 2 )

Interviews ( 2 )

Job Hunt ( 2 )

Database ( 2 )

Advice ( 2 )

Engineering Management ( 2 )

Incident Response ( 2 )

Authorization ( 2 )

Guide ( 2 )

Security ( 2 )

Startup Lessons ( 2 )

Ruby ( 2 )

Getting Started ( 2 )

Pull Request ( 2 )

Code Review ( 2 )

Refactoring ( 2 )

Outcomes ( 2 )

Experiment ( 2 )

MVP ( 2 )

Backbone ( 1 )

Webpack ( 1 )

Immutable ( 1 )

Teams ( 1 )

Teamwork ( 1 )

Cto ( 1 )

Migration ( 1 )

Double Write ( 1 )

Single Read ( 1 )

Models ( 1 )

Double Read ( 1 )

Single Write ( 1 )

Zero Downtime ( 1 )

Management ( 1 )

Tech Lead ( 1 )

Individual Contributor ( 1 )

Sidekiq ( 1 )

Redis ( 1 )

Poison Pill ( 1 )

Women ( 1 )

Modular Monolith ( 1 )

Rails Engines ( 1 )

SSO ( 1 )

OAuth ( 1 )

OpenID Connect ( 1 )

Flexible Pay ( 1 )

Blocks ( 1 )

Closures ( 1 )

Big Data ( 1 )

Data Engineering ( 1 )

Data Lake ( 1 )

Partnerships ( 1 )

Integrations ( 1 )

Api ( 1 )

Xero ( 1 )

New York City ( 1 )

Organizational Design ( 1 )

Monolith ( 1 )

Spaghetti Code ( 1 )

Legislation ( 1 )

Hardcoding ( 1 )

Software Development ( 1 )

Coding ( 1 )

Continuous Integration ( 1 )

IT ( 1 )

Client Platform Engineering ( 1 )

CI/CD ( 1 )

Edward Qiu

1 post |

1 post

|