Fixing a critical issue: a journey into Ruby web server startup sequences, part two
Loic
So where are we jumping into this story? This post is part two of our story on how we dove into Ruby web server startup sequences to fix a strange…
Browsing Category
Ruby
13 posts
Fixing a critical issue: a journey into Ruby web server startup sequences, part one
Introduction In this post-mortem blog post we’ll explore the oft-neglected Rack’s design and Ruby web server startup sequence in depth through the lens of a surprising critical issue encountered by…
How I switched from Ruby to Python
Benoit
This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…
An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
Protecting against the command injection vulnerability in Net::FTP
Paul
Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…
Using the Sqreen Agent without PII
Don Goodman-Wilson
Sqreen automatically tracks certain kinds of user behavior in your web application, to provide context and actionable insights into how attackers are abusing your app. By default, Sqreen tracks unique…
Discovering a Cross Site Scripting (XSS) vulnerability in Slim
What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…
Preventing SQL injections in Ruby (and other vulnerabilities)
Chris Chinchilla
Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community and strives to…
Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby
Jb
TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…
The two most common vulnerabilities in Rails (with code)
Ruby on Rails is one of the most popular frameworks used to create web applications. It’s very easy to start using it; it shines to do any kind of non-trivial…