Ruby Archives - Sqreen Blog

4 minute read
No comments

From Nestaway: Automating Security Operations — Detecting and Permanently Blocking Abusive Clients

Ranjan Kathuria
November 12, 2020

Today, we’re featuring a blog post from Nestaway that was originally posted in Nestaway Engineering on Medium. Automating Security Operations is a tough task but can make life of a Security guy very…

View Post

Dev
Ruby

7 minute read
No comments

Fixing a critical issue: a journey into Ruby web server startup sequences, part two

Loic
July 29, 2019

So where are we jumping into this story? This post is part two of our story on how we dove into Ruby web server startup sequences to fix a strange…

View Post

Dev
Ruby

7 minute read
No comments

Fixing a critical issue: a journey into Ruby web server startup sequences, part one

Loic
July 25, 2019

Introduction In this post-mortem blog post we’ll explore the oft-neglected Rack’s design and Ruby web server startup sequence in depth through the lens of a surprising critical issue encountered by…

View Post

66 views
7 minute read
4 comments

How I switched from Ruby to Python

Benoit
January 30, 2019

This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…

View Post

18 views
6 minute read
No comments

An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!

Benoit
March 30, 2018

A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…

View Post

11 views
3 minute read
No comments

Protecting against the command injection vulnerability in Net::FTP

Paul
December 19, 2017

Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…

View Post

Dev
Ruby

5 views
4 minute read
No comments

Using the Sqreen Agent without PII

Don Goodman-Wilson
August 3, 2017

Sqreen automatically tracks certain kinds of user behavior in your web application, to provide context and actionable insights into how attackers are abusing your app. By default, Sqreen tracks unique…

View Post

17 views
4 minute read
No comments

Discovering a Cross Site Scripting (XSS) vulnerability in Slim

Benoit
July 12, 2017

What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…

View Post

Code Vulnerabilities and SQL Injections in Ruby on Rails

56 views
7 minute read
No comments

Preventing SQL injections in Ruby (and other vulnerabilities)

Chris Chinchilla
April 14, 2017

Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community and strives to…

View Post

11 views
7 minute read
No comments

Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby

Jb
January 11, 2017

TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…

View Post