Posts Tagged: rails
- A Guide to Upgrading Gems and Dependencies in Ruby
  Learn how to manage Gemfile updates safely.
- Achieving Zero-Downtime Database Migrations on Google Cloud Run
  Learn how to perform safe, zero-downtime database migrations for Ruby on Rails applications running on serverless infrastructure.
- Adding TailwindCSS to a Legacy Rails App: A Phased Migration Guide
  A pragmatic guide for engineering leaders and senior developers on incrementally modernizing legacy Rails applications with TailwindCSS.
- Auditing Your Rails Codebase for Malicious X-Forwarded-Host Headers
  A practical guide to identifying, understanding, and mitigating Host header injection vulnerabilities in Ruby on Rails applications.
- Automating Database Backups And Rollbacks During Cloud Platform Transitions
  A guide to automating database backups and rollbacks for a smooth transition when migrating your Rails application across cloud platforms.
- Automating Security Audits for Legacy Ruby on Rails Codebases
  Learn how to automate security audit reports for legacy Rails applications using static analysis tools like Brakeman and Bundler-Audit in your CI/CD pipeline.
- Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability
  A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.
- CVE-2007-6077: Incomplete Fix for Rails Session Fixation
  An examination of CVE-2007-6077, where a flawed patch in Rails 1.2.4 failed to fully address session fixation due to mutable state in constants.
- CVE-2008-4094: SQL Injection via limit and offset in Ruby on Rails
  An in-depth look at CVE-2008-4094, a high-severity SQL injection vulnerability in early Ruby on Rails versions, and the importance of upgrading legacy systems.
- CVE-2008-7248: Bypassing CSRF Protection with text/plain in Ruby on Rails
  An analysis of CVE-2008-7248, a vulnerability in Ruby on Rails ActionPack that allowed attackers to bypass Cross-Site Request Forgery (CSRF) protection using the text/plain content type.
- CWE-613 Session Management Flaws in Rails: Avoiding Hijacking and Fixation
  Learn how to prevent common session management flaws in Ruby on Rails applications, including session hijacking and fixation (CWE-613), by following security best practices.
- CWE-78 Command Injection in Rails: Securely Handling External Commands
  A comprehensive guide to understanding and preventing command injection (CWE-78) vulnerabilities in Ruby on Rails applications.
- CWE-79, Cross-Site Scripting (XSS) in Rails: Protecting Your Views
  A deep dive into Cross-Site Scripting (XSS) vulnerabilities in Ruby on Rails, focusing on how to protect your application's views from malicious user input.
- Server-Side Request Forgery (SSRF) in Rails: Risks and Mitigation
  A deep dive into Server-Side Request Forgery (SSRF) vulnerabilities in Ruby on Rails applications, exploring the risks and practical mitigation strategies.
- Dual Booting Rails 7.2 and 8.0
  Learn how to use dual booting to safely and incrementally upgrade your Ruby on Rails application from version 7.2 to 8.0 without halting feature development.
- Using Feature Flags for Safe Ruby on Rails Version Upgrades
  Learn how to use feature flags to safely manage Ruby on Rails version upgrades, minimize downtime, and mitigate risks during software modernization.
- Form Handling in Modern Rails: Replacing Rails UJS with Inertia.js useForm
  Learn how to replace legacy Rails UJS form submissions with Inertia.js useForm for modern form handling in Rails applications.
- From 40 Minutes to 4: Parallelizing Your Rails Test Suite
  Learn how we reduced a Rails test suite execution time from 40 minutes to 4 minutes by leveraging Minitest parallelization and resolving race conditions.
- HIPAA Compliance Risks of Running End-of-Life (EOL) Rails Versions
  Explore the security vulnerabilities and HIPAA compliance risks of running end-of-life Ruby on Rails in healthcare apps handling ePHI, and how to fix them.
- How to Benchmark Cloud Provider Performance for Ruby on Rails Apps
  A pragmatic guide to evaluating cloud infrastructure performance for large and complex Ruby on Rails applications.
- How to Convince Your CTO to Budget for a Rails Version Upgrade
  A pragmatic guide for engineering leaders on translating technical debt into business risk to secure budget for Rails upgrades.
- How to Fix Active Support File Disclosure (CVE-2023-38037) in Rails 7
  A concise summary of CVE-2023-38037, its impact on Active Support, and how to patch or upgrade Rails 7 to fix the file disclosure vulnerability.
- Fix Broken CI Builds from Rails 7.1 Deprecation Warnings
  How to fix broken CI builds caused by Rails 7.1 deprecation warnings.
- How to Generate a Gemfile.next.lock for Faster Rails Upgrades
  A step-by-step technical guide to generating and managing a Gemfile.next.lock file using the bootboot plugin for smoother Rails upgrades.
- How to Handle Active Record SQLite3 Deprecation Warnings in Rails 8.0
  A pragmatic guide to fixing SQLite3 configuration deprecations and NoMethodError crashes during a Rails 8.0 upgrade.
- How to Handle Frozen String Literals When Upgrading Legacy Ruby Apps
  A pragmatic guide to addressing FrozenError exceptions, managing memory optimization, and enforcing immutability in legacy Ruby code during an upgrade.
- How to Optimize Your GitHub Actions CI Pipeline for Rails Upgrades
  A comprehensive guide to structuring and accelerating your GitHub Actions CI pipeline for Ruby on Rails upgrades.
- How to Type-Check Your Svelte Components Against Rails JSON APIs
  A practical guide to bridging the type gap between a Ruby on Rails backend and a Svelte frontend using TypeScript.
- How to Use Sentry and Honeybadger to Monitor Errors During a Rails Upgrade
  A guide to using Sentry and Honeybadger for effective error monitoring and risk management when upgrading a large Ruby on Rails application.
- Identifying and Remediating Technical Debt Hotspots Before a Rails Upgrade
  Learn how to stabilize your Ruby on Rails application before a major upgrade by identifying and remediating technical debt hotspots using tools like churn and skunk.
- Identifying Typosquatting and Brandjacking Risks in Outdated Ruby Gems
  Learn how to identify and mitigate typosquatting and brandjacking supply chain attacks in outdated Ruby and Rails applications.
- Implementing Redis Caching to Alleviate Database Load in Legacy Rails Apps
  A pragmatic guide to reducing database load and improving p95 response times in legacy Rails apps using Redis caching.
- Improper Access Control in Rails: Preventing IDOR Vulnerabilities (CWE-284)
  A guide to understanding and preventing Improper Access Control (IDOR) vulnerabilities (CWE-284) in Ruby on Rails applications.
- Insecure Direct Object References (IDOR) in Rails: Proper Authorization Checks
  A guide to understanding and preventing Insecure Direct Object References (IDOR) in Ruby on Rails applications with proper authorization checks.
- Migrating from Paperclip to ActiveStorage in Legacy Rails Applications
  A battle-tested workflow for executing a Paperclip to ActiveStorage migration in legacy Rails applications without disrupting ongoing operations.
- Migrating from Test::Unit to Minitest for Faster CI Pipelines
  Learn how to optimize your Ruby on Rails test suite speed by migrating from Test::Unit to Minitest and leveraging modern parallelization to reduce CI bottlenecks.
- Mitigating SOC2 Risks by Establishing a Routine Rails Maintenance Schedule (Bonsai Method)
  Discover how the 'Bonsai Method' of routine Rails maintenance can help mitigate SOC2 risks and improve application security.
- Moving from Sprockets to a Modern Frontend in Ruby on Rails
  A detailed guide for engineering leaders on migrating from the legacy Sprockets asset pipeline to modern frontend build systems like Esbuild, Vite, or Import Maps in Ruby on Rails.
- Optimizing Active Record Memory Usage in Large Rails Background Jobs
  A guide to optimizing Active Record memory usage in large Rails background jobs to prevent memory bloat and reduce cloud hosting costs.
- Optimizing Frontend Assets with ESBuild and Rollup in Vite Rails
  Learn how to optimize frontend asset compilation and delivery in Ruby on Rails applications using Vite with ESBuild and Rollup for improved performance.
- Optimizing Passenger and Nginx for Rails 8
  A guide to practical strategies for optimizing Passenger and Nginx specifically for a Rails 8 architecture.
- PCI DSS Compliance: Why Your Rails 5.2 App Will Fail Its Next Audit
  An in-depth look at why running End-of-Life (EOL) Ruby on Rails 5.2 guarantees a failed PCI DSS audit, how auditors detect vulnerabilities, and the path to remediation.
- Rails Transition: From RAILS_ENV to Rails.env and Environment Predicates
  Learn how Rails evolved from using the RAILS_ENV constant to Rails.env with convenient predicate methods, and how to modernize your legacy codebase.
- Reducing Largest Contentful Paint (LCP) Times in Server-Rendered Rails Views
  Learn practical techniques to diagnose and fix poor Largest Contentful Paint (LCP) times in server-rendered Ruby on Rails applications.
- Reducing P95 Response Times in Rails via Database Table Partitioning
  Learn how to improve Rails scalability, reduce p95 response times, and resolve database bottlenecks with PostgreSQL table partitioning.
- Replacing Devise with Rails 8.0 Built-In Authentication: A Step-by-Step Guide
  Learn how to reduce technical debt and migrate your Ruby on Rails application from Devise to the built-in authentication system in Rails 8.0.
- Replacing Heavy React SPAs with Inertia.js and Svelte in Rails Apps
  Learn how to reduce complexity and improve maintainability by migrating from a separated React SPA to a monolith using Inertia.js and Svelte in Rails.
- Resolving Rails 8 Encrypted Secrets Deprecations
  A practical guide to migrating from Rails encrypted secrets to credentials, resolving the encrypted secrets deprecation in Rails 8.
- Resolving Flaky Tests Caused by Hardcoded Directories in Rails CI
  Learn how to diagnose and fix Minitest race conditions and broken CI builds caused by hardcoded file paths in parallelized Rails test suites.
- Securing Your Gemfile: How to Use Bundler Checksums to Prevent Supply Chain Attacks
  A guide to using Bundler checksums to secure your Gemfile and prevent supply chain attacks in your Ruby on Rails application.
- Session Fixation in Rails: Securing User Sessions
  Learn how to prevent CWE-384, a session fixation vulnerability, in your Ruby on Rails applications by properly managing user sessions.
- Setting Up Foreman and Procfile.dev for Rails and Vite
  Learn how to manage multiple development processes in a modern Ruby on Rails application with Vite for frontend tooling using Foreman and a Procfile.dev.
- Setting Up Log Aggregation with Datadog or New Relic After a Heroku Migration
  A pragmatic engineering guide to replacing Heroku Logplex with Datadog or New Relic for Ruby on Rails applications.
- SQL Injection in Rails: Understanding and Preventing CWE-89
  A comprehensive guide to understanding and preventing SQL injection (CWE-89) vulnerabilities in Ruby on Rails applications.
- Squashing PRs vs. Small Commits: Best Git Practices for Rails Upgrades
  A guide to the trade-offs between squashing pull requests and preserving a granular history of small, atomic commits during a Ruby on Rails application upgrade.
- Step-by-Step Guide to Safely Upgrading Ruby in a Dockerized Rails App
  A pragmatic, battle-tested workflow for engineering teams to safely upgrade Ruby in Dockerized Rails applications.
- The Faster vs. Safer Approach to Dual-Booting Legacy Rails Apps
  A guide to the trade-offs between speed and safety when implementing a dual-booting strategy for a legacy Ruby on Rails application upgrade.
- Time to Migrate from Heroku: Evaluating Render, Fly.io, and Railway for Rails
  An engineering leader's guide to the Heroku platform transition, comparing Render, Fly.io, and Railway as modern PaaS alternatives for Ruby on Rails applications.
- Transitioning a Monolithic Rails App to Docker and AWS ECS/Fargate
  A comprehensive guide for engineering leaders on containerizing large and complex Ruby on Rails applications using Docker and AWS ECS/Fargate.
- Tuning Your AWS Cloud Infrastructure After a Rails 7 Upgrade
  A battle-tested workflow for optimizing AWS infrastructure, reducing cloud costs, and improving performance after upgrading to Rails 7.
- Updating Your Redis Infrastructure When Migrating Off Heroku
  When engineering teams migrate large and complex applications off Heroku, the relational database often receives the most attention. Moving from Heroku Postgres to a solution like AWS RDS requires careful planning, but migrating your Redis infrastructure carries its own set of critical risks.
- Upgrading Legacy Rails Views to Svelte Components Using Inertia.js
  Learn a practical, incremental approach to replacing complex, legacy Rails views with modern Svelte components using Inertia.js as a bridge between Ruby on Rails and modern JavaScript.
- Upgrading Ruby and Rails: Best Practices and Pitfalls
  A comprehensive guide to upgrading Ruby and Rails applications, covering best practices, common pitfalls, and security considerations.
- CWE-916: Using Potentially Dangerous Functions in Rails
  A security overview of CWE-916, focusing on the use of potentially dangerous functions in Ruby on Rails applications and how to mitigate risks.
- Weak Password Hashing in Rails: The Importance of Strong Algorithms
  Understand the risks of CWE-327, weak password hashing, in Ruby on Rails applications and learn how to implement strong, secure password storage using modern hashing algorithms like bcrypt.