How I switched from Ruby to Python
Benoit
This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…
Browsing Category
Ruby
11 posts
An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
Protecting against the command injection vulnerability in Net::FTP
Paul
Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…
Using the Sqreen Agent without PII
Don Goodman-Wilson
Sqreen automatically tracks certain kinds of user behavior in your web application, to provide context and actionable insights into how attackers are abusing your app. By default, Sqreen tracks unique…
Discovering a Cross Site Scripting (XSS) vulnerability in Slim
What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…
Preventing SQL injections in Ruby (and other vulnerabilities)
Chris Chinchilla
Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community and strives to…
Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby
Jb
TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…
The two most common vulnerabilities in Rails (with code)
Ruby on Rails is one of the most popular frameworks used to create web applications. It’s very easy to start using it; it shines to do any kind of non-trivial…
Sqreen at EuRuKo 2016 – Europe’s largest Ruby Conference
Two weeks ago Sqreen was a proud Puma sponsor of EuRuKo the biggest Ruby conference in Europe. It brought together over 700 Ruby aficionados in Sofia, Bulgaria. Being present with a…
Integrating Content Security Policy into your Rails applications
TL; DR Content Security Policy (CSP) is an HTTP response header that restricts the browser to loading external assets such as scripts, styles or media from a wide variety of…