All Stories

Creating awereness on an hostile environment

With a colleague we were wondering about how much difficult is to create an application security awareness climate in big corporate development team. Please bear in mind that since I’m...

Ruby on Rails cheatsheet: the review

Jim Manico is a friend and a rinomated security professional. He announced in Owasp mailing list that a Ruby on Rails cheatsheet is available.

Exploiting SSH weak passwords the ruby way

Even before starting writing complex input filters to manage your users’ input, you must care about the password you use on your servers. If they are poor, no application security...

Is Vulnerability Management a buzz word?

Some days ago, on a group about Italian startups, a smart guy said he had a breakthrough product he is going to develop: a cloud based solution to store...

Defending yourself is not a crime

When I wrote last week post incipt, I wasn’t aware I was going to make a prophecy about 2013 and application security.

CVE-2012-5664: Sql Injection on Rails... again

2013 is well promising for application security. Two days ago Aaron Patterson, a rails core member announced a SQL Injection vulnerability for ActiveRecord ORM included in Rails framework.