Security Archives - Page 3 of 3

29 views
3 minute read
No comments

Identify Tor connections in Node.js with Tor-test

Vladimir
November 15, 2016

We released a new feature to our web-application protection tool: Sqreen now monitors the user traffic originated from Tor. All security events linked to such connections is highlighted, and particular…

View Post

Dev
Security

40 views
6 minute read
No comments

Tor – the good, the bad, and the ugly

Christophe
November 3, 2016

Tor offers anonymous browsing capabilities to people across the world. Users located in countries with strict censorship laws can use it to access restricted sites like Facebook, Google, foreign news…

View Post

27 views
4 minute read
No comments

The two most common vulnerabilities in Rails (with code)

Benoit
October 10, 2016

Ruby on Rails is one of the most popular frameworks used to create web applications. It’s very easy to start using it; it shines to do any kind of non-trivial…

View Post

93 views
5 minute read
9 comments

One easy way to inject malicious code in any Node.js application

Vladimir
August 22, 2016

tl;dr This article describes a method of injecting arbitrary code in Node.js modules. It does not encourage unethical behavior. The chain used to include instances of modules can be tampered to…

View Post

From the Archive: Application security from the inside [Presentation at OWASP]

Jb
July 25, 2016

Today we are sharing a presentation that our CTO Jean-Baptiste Aviat did at the OWASP (Open Web Application Security Project) a couple of months ago. Hackers have several ways to…

View Post

26 views
4 minute read
One comment

Integrating Content Security Policy into your Rails applications

Jb
July 11, 2016

TL; DR Content Security Policy (CSP) is an HTTP response header that restricts the browser to loading external assets such as scripts, styles or media from a wide variety of…

View Post

8 views
5 minute read
No comments

App Security – The painful invisible challenge that we love to hate

Pierre
July 8, 2016

We fought on the security frontline at Apple for about ten years. Our mission was simple: to attack products using any means necessary and then work on the fixes with development…

View Post

Ruby on Rails Security in your Continuous Integration

Jb
July 7, 2016

Foundations of your development cycle “Never send a human to do a machine’s job ” — Agent Smith How open-source public tools can help improve your software security in your Continuous…

View Post

Dev
Security

5 views
0 minute read
No comments

The usual (git) flow of Developers Vs. Security

Pierre
July 7, 2016

View Post