How I switched from Ruby to Python
Benoit
This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…
Browsing Tag
Ruby
7 posts
An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
Security.txt toolbox for your Ruby app
What is security.txt? Security is all about tradeoffs. We all know we should be doing something about it in our application, yet, so few of us do. Strangely enough one…
Protecting against the command injection vulnerability in Net::FTP
Paul
Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…
Discovering a Cross Site Scripting (XSS) vulnerability in Slim
What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…
Preventing SQL injections in Ruby (and other vulnerabilities)
Chris Chinchilla
Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community and strives to…
Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby
Jb
TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…