Security Archives - Sqreen Blog

Security

18 views
5 minute read
No comments

Security analysis of the top 1000 SaaS companies: we still have a long way to go

Josh
March 20, 2019

SaaS has become the de facto standard for most B2B tools and B2C applications. As a result, more and more personal and business-critical data is entrusted to third parties who…

View Post

17 views
2 minute read
No comments

ESLint backdoor: revoke all the tokens

Vladimir
July 12, 2018

Tl;dr [EDIT 2018-07-16] The official ESLint post-mortem has been released. NPM already revoked all tokens at once so you probably don’t need to do this yourself. A backdoor was introduced…

View Post

18 views
6 minute read
No comments

An in-depth look at CVE-2018-8778 or why integer overflows are still a thing!

Benoit
March 30, 2018

A new exciting vulnerability (yes sorry, we easily get excited about these things 😜) has been released in Ruby. CVE-2018-8778 is a Buffer under-read that is triggered by String#unpack. Kudos…

View Post

Security

76 views
3 minute read
3 comments

Security analysis of the most popular cryptocurrency exchanges

Paul
January 25, 2018

So you’ve finally decided to buy some Bitcoin, Ethereum or any other coin that’s all the rage these days? At Sqreen, we’re not so much interested in the cryptocurrency craze,…

View Post

Security

8 views
5 minute read
No comments

In ICO, the S stands for Security

Jb
January 11, 2018

ICOs are all the rage these days. You have ICOs raising millions in seconds, and others losing millions in seconds. Coming from a security background, I wondered if these ICOs…

View Post

19 views
5 minute read
One comment

State of Node.js Security 2017

Don Goodman-Wilson
November 9, 2017

A wake-up call It will be hard to escape 2017 without a new-found respect for the importance of application security. The Equifax breach, resulting from an exploit of a well-known…

View Post

Code Vulnerabilities and SQL Injections in Ruby on Rails

56 views
7 minute read
No comments

Preventing SQL injections in Ruby (and other vulnerabilities)

Chris Chinchilla
April 14, 2017

Ruby is a wonderful language for beginner coders to start with and scale to large, distributed Web and Desktop applications. It has an accepting and helpful community and strives to…

View Post

Security

26 views
6 minute read
2 comments

Block SQL injections, not your customers

Jb
April 11, 2017

SQL Injections? How are those still a thing? A SQL injection is the art of modifying the structure of a SQL query in a way that was not intended by…

View Post

Security

14 views
9 minute read
No comments

Securing Legacy Applications

Matthew
March 23, 2017

Legacy applications. If there’s one thing that developers agree on, it’s that they don’t want to work on them. If not that, it’s that they’re often, by default, assumed to…

View Post

44 views
1 minute read
No comments

Stop using pycrypto. Use pycryptodome instead

Paul
March 23, 2017

As we are still seeing a lot of applications depending on the Python Cryptography Toolkit (aka pycrypto) to manage their cryptography, this is a quick reminder to stop using it. The vulnerability…

View Post