Nonce-based Content Security Policy (CSP) in Rails

Introduction

During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails and React.js. Individually each framework comes with some XSS protections out…
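To make the mechanism behind a nonce-based CSP concrete, here is an added, plain-Ruby illustration (not code from the article above or from Gusto): a fresh random nonce is minted per request, embedded in the `script-src` directive, and an inline `<script>` is only honored when its `nonce` attribute matches. The browser's enforcement is simulated by `script_allowed?`; the function and tag names are this example's own, and the sample script tags are constructed inline.

```ruby
require 'securerandom'

# Mint a fresh, unpredictable nonce for each request. In a real Rails app
# config.content_security_policy_nonce_generator takes a lambda that does
# exactly this; here it is a plain method so the example runs without Rails.
def generate_nonce
  SecureRandom.base64(16)
end

# Build the Content-Security-Policy header value for one request.
# 'strict-dynamic' lets a nonced script load further scripts without
# having to allow-list every host they come from.
def csp_header(nonce)
  "default-src 'self'; " \
  "script-src 'nonce-#{nonce}' 'strict-dynamic'; " \
  "object-src 'none'; base-uri 'self'"
end

# Return the nonce values the header's script-src directive allows.
def allowed_script_nonces(header)
  directive = header.split(';').map(&:strip).find { |d| d.start_with?('script-src') }
  return [] unless directive
  directive.scan(/'nonce-([^']+)'/).flatten
end

# Simulate the browser's decision for an inline <script> tag: it executes
# only if its nonce attribute matches a nonce the policy carries. An injected
# tag cannot guess a 128-bit random value, so it is dropped even though it
# is inline and the page itself is otherwise 'self'.
def script_allowed?(header, script_tag)
  m = script_tag.match(/<script\b[^>]*\bnonce="([^"]*)"/)
  return false unless m
  allowed_script_nonces(header).include?(m[1])
end

if __FILE__ == $PROGRAM_NAME
  nonce  = generate_nonce
  header = csp_header(nonce)
  # Constructed sample tags: one rendered by the app, one injected via XSS.
  trusted  = %(<script nonce="#{nonce}">App.boot()</script>)
  injected = %(<script>alert(document.cookie)</script>)
  puts header
  puts "trusted script runs?  #{script_allowed?(header, trusted)}"
  puts "injected script runs? #{script_allowed?(header, injected)}"
end
```

In Rails the pieces map onto `config.content_security_policy_nonce_generator` (the per-request nonce), the `content_security_policy` initializer (the header), and `javascript_tag nonce: true` or the `content_security_policy_nonce` view helper (stamping the nonce on legitimate tags). Two caveats worth checking in any deployment: the nonce must be regenerated on every response, never cached in a page fragment or CDN, and any reflected user input that lands inside an attribute of a nonced tag reintroduces the problem the nonce was meant to close.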


Layering authorization into a web application

How we introduced granular authorization into our application and API.

Illustration by Camellia Neri

Last year, my team extended Gusto’s authorization system to give admins granular access to their companies’ accounts. In software security terms, authorization is the concept of what a user can do in a system, while…


An Open Email about Diversity

Updates from Gusto about their latest engineering diversity numbers.…


When Girls Lose Interest in STEM — and What You Can Do about It

Patches our design team created for the event

I'm an engineer at Gusto. In my spare time, I teach middle- and high-school-aged girls how to code. I do this because I want girls to know about all the career options that are available, even if their communities don’t.…


Debugging Sidekiq Poison Pills

That one time a memory leak almost took down one of our apps -- and how I fixed it…
