Security

10 May 2019

Nonce-based Content Security Policy (CSP) in Rails

Introduction During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) [https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)] in modern web

Edward Qiu

Engineering ( 44 )

Advice ( 12 )

Diversity Inclusion ( 11 )

Collaboration ( 11 )

Software Development ( 11 )

Ruby On Rails ( 10 )

Programming ( 10 )

Best Practice ( 9 )

Career growth ( 9 )

Gusto ( 8 )

Security ( 7 )

Ruby ( 6 )

Interviews ( 5 )

Modularization ( 5 )

Teamwork ( 4 )

Product Management ( 4 )

Tech Lead ( 4 )

Sidekiq ( 4 )

Refactoring ( 4 )

Monolith ( 4 )

Spaghetti Code ( 4 )

Coding ( 4 )

Technical Strategy ( 4 )

Teams ( 3 )

Startups ( 3 )

Engineering Management ( 3 )

Modular Monolith ( 3 )

Guide ( 3 )

Tidying ( 3 )

Api ( 3 )

Experiment ( 3 )

Decision ( 3 )

Productivity ( 3 )

Gradual Modularization ( 3 )

Getting Started ( 2 )

React ( 2 )

Javascript ( 2 )

PM ( 2 )

Job Hunt ( 2 )

Startup Lessons ( 2 )

Database ( 2 )

Incident Response ( 2 )

Authorization ( 2 )

Rails Engines ( 2 )

Big Data ( 2 )

Data Engineering ( 2 )

Data Lake ( 2 )

Pull Request ( 2 )

Code Review ( 2 )

Integrations ( 2 )

Payroll ( 2 )

Testing ( 2 )

Outcomes ( 2 )

MVP ( 2 )

Client Platform Engineering ( 2 )

CI/CD ( 2 )

PII ( 2 )

growth ( 2 )

Performance ( 2 )

Gem ( 2 )

Backbone ( 1 )

Webpack ( 1 )

Immutable ( 1 )

Cto ( 1 )

Migration ( 1 )

Double Write ( 1 )

Single Read ( 1 )

Models ( 1 )

Double Read ( 1 )

Single Write ( 1 )

Zero Downtime ( 1 )

Management ( 1 )

Individual Contributor ( 1 )

Redis ( 1 )

Poison Pill ( 1 )

Women ( 1 )

SSO ( 1 )

OAuth ( 1 )

OpenID Connect ( 1 )

Flexible Pay ( 1 )

1 post

|