https://magoo.github.io/Blockchain-Graveyard/ • Adam Shostack, Learning to Threat Model for Security Professionals: https://www.linkedin.com/learning/learning-threat-modeling-for-security-professionals • OWASP: https://www.owasp.org/index.php/Security_by_Design_Principles • Brad Ediger, Advanced Rails: https://learning.oreilly.com/library/view/advanced-rails (security chapter) • Secure Headers Gem: https://github.com/twitter/secure_headers • Salus Gem: https://github.com/coinbase/salus • Adam Shostack, Threat Modeling: https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998 • Bundler Audit Gem: https://github.com/rubysec/bundler-audit • Brakeman Gem: https://github.com/presidentbeef/brakeman • Pundit Gem: https://github.com/varvet/pundit • Michal Zalewski, The Tangled Web: https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886