Ruby Archives - Sqreen Blog

Code Vulnerabilities and SQL Injections in Ruby on Rails

56 views
8 minute read
No comments

Preventing SQL injections in Ruby (and other vulnerabilities)

Chris Chinchilla
February 12, 2021

This post’s topic is very straightforward: SQL injection, Ruby flavored. More specifically, how you can protect your Ruby application against SQL injections—and other common security threats. Ruby is a wonderful…

View Post

Ruby

7 minute read
No comments

Top 10 Ruby security best practices

Carlos Schults
February 9, 2021

Do you know those things that are simultaneously incredibly important to get right but incredibly easy to get wrong? That makes for an explosive combination. One such thing happens to…

View Post

6 minute read
No comments

Learnings from Sqreen’s State of App Sec Report: 70% of Ruby on Rails exploits were SQLi

Carlos Schults
December 1, 2020

Saying that digital security is “important” would be the understatement of the century. It’s probably the most crucial aspect of any application nowadays. Unfortunately, security is easy to get wrong,…

View Post

4 minute read
No comments

From Nestaway: Automating Security Operations — Detecting and Permanently Blocking Abusive Clients

Ranjan Kathuria
November 12, 2020

Today, we’re featuring a blog post from Nestaway that was originally posted in Nestaway Engineering on Medium. Automating Security Operations is a tough task but can make the life of a security person…

View Post

Dev
Ruby

7 minute read
No comments

Fixing a critical issue: a journey into Ruby web server startup sequences, part two

Loic
July 29, 2019

So where are we jumping into this story? This post is part two of our story on how we dove into Ruby web server startup sequences to fix a strange…

View Post

Dev
Ruby

7 minute read
No comments

Fixing a critical issue: a journey into Ruby web server startup sequences, part one

Loic
July 25, 2019

Introduction In this post-mortem blog post we’ll explore the oft-neglected Rack’s design and Ruby web server startup sequence in depth through the lens of a surprising critical issue encountered by…

View Post

66 views
7 minute read
4 comments

How I switched from Ruby to Python

Benoit
January 30, 2019

This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…

View Post

18 views
6 minute read
No comments

An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!

Benoit
March 30, 2018

A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…

View Post

11 views
3 minute read
No comments

Protecting against the command injection vulnerability in Net::FTP

Paul
December 19, 2017

Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…

View Post

5 views
4 minute read
No comments

Using the Sqreen Agent without PII

Don Goodman-Wilson
August 3, 2017

Updated December, 2020 Sqreen automatically tracks certain kinds of user behavior in your web application, to provide context and actionable insights into how attackers are abusing your app. By default,…

View Post