All Stories

Some security tips for ruby hackers: leveraging the attack surface: part 2

In the first part of this overview about web application perimeter reconnaissance we stopped at using ciphersurfer to check for SSL certificate weakness.

What I learnt from Italian RubyDay

Today I attended the Italian RubyDay with a talk about application security. In more detail, the talk was about how to use ruby to automate some security tests as described...

Some security tips for ruby hackers: leveraging the attack surface. Part 1.

In the first episode I introduced the security checks I’d like to talk about at the talk I have to give next Friday.

Some security tips for ruby hackers: prelude

Next Friday I’ll give a talk about using ruby and gems to quickly test a webapp for security issues.

LeakedIN and the salt and pepper sauce

Two days ago, the Internet was squashed by a very large sensitive data breach. More than 6.4M password hashes coming from LinkedIN were published by an unknown attacker crew...

CVE-2012-2661: SqlInjection on Rails

A SQL Injection was discovered in ActiveRecord, Rails' default ORM framework. Let's talk about the vulnerability, the patch and other mitigation stuff.