I’m working my way through RailsConf 2019 and I keep finding gems (excuse the pun).
No Such Thing as a Secure Application by Lyle Mullican was one such gem.
Some highlights for me were:
Learning to test made me write better code… When we start to think about writing security tests we design better security controls
[Even] if you’re not testing your security controls, somebody [else] probably is… and you really don’t want to outsource security testing to the Internet
If you get false positives from a static analysis tool, it might be a code smell:
If I’ve made my code hard for Brakeman to understand and reason about, then I’m probably making it too hard for people to understand as well
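To make that point concrete, here is an added example (my own, not code from the post or from Lyle Mullican's talk) of the kind of false positive he is describing. It is a hypothetical "sort by column" helper from a Rails controller, written in plain Ruby so it runs without Rails, with `params` standing in for the request parameter hash. The first version is safe but opaque: the column name is validated in a separate method and then interpolated into SQL, and Brakeman's SQL-injection check reports interpolation of request parameters into query fragments, so it warns even though the regex makes the code safe. The second version makes the safety argument visible on the line that builds the query, which is the rewrite the smell is pointing at.

```ruby
# Added example, not from the post or from the talk. Plain Ruby; `params` stands
# in for a Rails controller's request parameter hash.

# Version 1: safe, but opaque. The validation that makes the interpolation safe
# lives in a different method from the SQL string, so a static analyser (and a
# reviewer) sees a request parameter flowing into query text. Brakeman reports
# this pattern as possible SQL injection.
def validated_sort_column(raw)
  column = raw.to_s
  unless column.match?(/\A[a-z_]+\z/)
    raise ArgumentError, "unsupported sort column: #{column.inspect}"
  end
  column
end

def order_clause_opaque(params)
  "ORDER BY #{validated_sort_column(params["sort"])}"
end

# Version 2: the request parameter only selects among literal SQL fragments.
# No user-controlled bytes ever reach the query text, so nobody has to chase a
# regex elsewhere to see why it is safe. Unknown values are rejected outright.
SORT_CLAUSES = {
  "name"    => "ORDER BY users.name",
  "created" => "ORDER BY users.created_at",
}.freeze

def order_clause_clear(params)
  SORT_CLAUSES.fetch(params["sort"]) do
    raise ArgumentError, "unsupported sort column: #{params["sort"].inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request parameters: one benign, one carrying an injection attempt.
  benign = { "sort" => "name" }
  hostile = { "sort" => "name; DROP TABLE users" }

  puts order_clause_opaque(benign)   # ORDER BY name
  puts order_clause_clear(benign)    # ORDER BY users.name

  [[:opaque, method(:order_clause_opaque)], [:clear, method(:order_clause_clear)]].each do |label, builder|
    begin
      builder.call(hostile)
      puts "#{label}: accepted hostile input (unexpected)"
    rescue ArgumentError => e
      puts "#{label}: rejected hostile input (#{e.message})"
    end
  end
end
```

Both versions reject the hostile value; the difference is only in how much of the code a reader or a tool has to hold in their head to be sure of that, which is exactly the smell the quote is about.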
How well do we react to failure: