Originally posted on the thoughtbot Blog

The COVID-19 pandemic has got me thinking a lot about web security. With so much of the world working and living remotely, we are increasingly vulnerable to cyber attacks. Malicious actors have taken notice, and are working to take advantage of the expanded surface area for these attacks. It is important during these challenging times to be vigilant. Good security hygiene can protect our businesses, our users, and ourselves.

So what can you do? Prioritize upgrading your Rails application. Many older versions of Rails have known security vulnerabilities that have been fixed in later versions. Applying security fixes for your dependencies as they are released is one of your first lines of defense against an attack. Leaving known vulnerabilities exposed in your production application is a big risk.

Upgrading Rails might seem like a huge, overwhelming project, but it doesn’t have to be that way. Careful planning and an iterative approach can significantly de-risk an upgrade project. Some might even call it good fun (I personally really enjoy upgrade projects).

Of course, not everyone enjoys upgrades as much as I do, and upgrades can compete with delivering new features and fixing bugs. That’s why many of our clients partner with thoughtbot to manage the process for them.

Image: Alejandro programming at his desk. The left side is covered by a red quadrilateral with white text: "Free Online Workshop. Protect your Rails app against security threats during COVID-19. May 14th from 12 to 1pm ET. thoughtbot"

We invite you to join us for an online workshop focused on why and how to upgrade your Ruby on Rails application.

This workshop will include:

  • An exploration of the benefits and risks of upgrading a Rails application, with a focus on security and performance
  • Tips for getting stakeholders across the company on board with an upgrade project
  • An overview of thoughtbot’s approach to completing an upgrade while continuing to deliver new features
  • A discussion of some recent thoughtbot Rails upgrade projects
  • Live Q&A with you, the audience

This workshop is ideal for:

  • Engineering leaders looking to improve application security and performance
  • Senior developers working with unmaintained versions of Rails
  • Product owners deciding whether an upgrade is worth the cost

I’ll be hosting the workshop, joined by two other thoughtbot developers experienced with Rails upgrades, Joël Quenneville and Elisa Verna.

Join us on May 14th, 2020 from 12-1pm ET - we look forward to seeing you there!