Sqreen Blog

The Official Sqreen Blog

Browsing Tag

Ruby

8 posts
Code Vulnerabilities and SQL Injections in Ruby on Rails
  • Ruby
  • Security
  • 56 views
  • 8 minute read
  • No comments

Preventing SQL injections in Ruby (and other vulnerabilities)

  • Chris Chinchilla
  • February 12, 2021
This post’s topic is very straightforward: SQL injection, Ruby flavored. More specifically, how you can protect your Ruby application against SQL injections—and other common security threats. Ruby is a wonderful…
  • Ruby
  • Security
  • 6 minute read
  • No comments

Learnings from Sqreen’s State of App Sec Report: 70% of Ruby on Rails exploits were SQLi

  • Carlos Schults
  • December 1, 2020
Saying that digital security is “important” would be the understatement of the century. It’s probably the most crucial aspect of any application nowadays. Unfortunately, security is easy to get wrong,…
From Ruby to Python
  • Dev
  • Python
  • Ruby
  • 66 views
  • 7 minute read
  • 4 comments

How I switched from Ruby to Python

  • Benoit
  • January 30, 2019
This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…
Buffer under-read in Ruby
  • Ruby
  • Security
  • 18 views
  • 6 minute read
  • No comments

An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!

  • Benoit
  • March 30, 2018
A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…
security.txt for Ruby
  • Security
  • 7 views
  • 3 minute read
  • No comments

Security.txt toolbox for your Ruby app

  • Benoit
  • January 18, 2018
What is security.txt? Security is all about tradeoffs. We all know we should be doing something about it in our application, yet, so few of us do. Strangely enough one…
Command Injection in Ruby
  • Ruby
  • Security
  • 11 views
  • 3 minute read
  • No comments

Protecting against the command injection vulnerability in Net::FTP

  • Paul
  • December 19, 2017
Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…
XSS Cross-Site Scripting Slim Ruby
  • Ruby
  • Security
  • 17 views
  • 4 minute read
  • No comments

Discovering a Cross Site Scripting (XSS) vulnerability in Slim

  • Benoit
  • July 12, 2017
What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…
Dynamic Instrumentation in Ruby
  • Dev
  • Ruby
  • Sqreen Product
  • 11 views
  • 7 minute read
  • No comments

Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby

  • Jb
  • January 11, 2017
TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…
By the Sqreen Team ❤
© Sqreen 2015-2021 – Privacy Policy