Ruby Archives - Sqreen Blog

Code Vulnerabilities and SQL Injections in Ruby on Rails

56 views
8 minute read
No comments

Preventing SQL injections in Ruby (and other vulnerabilities)

Chris Chinchilla
February 12, 2021

This post’s topic is very straightforward: SQL injection, Ruby flavored. More specifically, how you can protect your Ruby application against SQL injections—and other common security threats. Ruby is a wonderful…

View Post

6 minute read
No comments

Learnings from Sqreen’s State of App Sec Report: 70% of Ruby on Rails exploits were SQLi

Carlos Schults
December 1, 2020

Saying that digital security is “important” would be the understatement of the century. It’s probably the most crucial aspect of any application nowadays. Unfortunately, security is easy to get wrong,…

View Post

66 views
7 minute read
4 comments

How I switched from Ruby to Python

Benoit
January 30, 2019

This article is a personal experience shared by Benoit, Sqreen’s first engineer who worked on the Ruby agent and on the Python backend. Ruby, a love story Back in 2008…

View Post

18 views
6 minute read
No comments

An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!

Benoit
March 30, 2018

A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…

View Post

Security

7 views
3 minute read
No comments

Security.txt toolbox for your Ruby app

Benoit
January 18, 2018

What is security.txt? Security is all about tradeoffs. We all know we should be doing something about it in our application, yet, so few of us do. Strangely enough one…

View Post

11 views
3 minute read
No comments

Protecting against the command injection vulnerability in Net::FTP

Paul
December 19, 2017

Last week a vulnerability affecting Net::FTP, part of Ruby standard library, was uncovered by Etienne Stalmans (Great job 🙌) from the Heroku product security team. This article will explain the vulnerability and…

View Post

17 views
4 minute read
No comments

Discovering a Cross Site Scripting (XSS) vulnerability in Slim

Benoit
July 12, 2017

What is Slim? Slim is a templating engine for the Ruby ecosystem. It is a domain-specific language (DSL) that is meant to ease the burden of writing HTML views for…

View Post

11 views
7 minute read
No comments

Behind the Scenes: Building a Dynamic Instrumentation Agent for Ruby

Jb
January 11, 2017

TL;DR Building a Ruby Dynamic Instrumentation Agent is no easy task. We’ve been working hard at Sqreen to make our protection transparent and frictionless. The Sqreen agent is based on…

View Post