All Stories

Ruby on Rails cheatsheet: the review

Jim Manico is a friend and a renowned security professional. He announced on the OWASP mailing list that a Ruby on Rails cheatsheet is available.

Exploiting SSH weak passwords the ruby way

Even before you start writing complex input filters to handle your users’ input, you must care about the passwords you use on your servers. If they are poor, no application security...

Is Vulnerability Management a buzz word?

Some days ago, in a Facebook.com group about Italian startups, a smart guy said he had a breakthrough product he is going to develop: a cloud-based solution to store...

Defending yourself is not a crime

When I wrote last week's post incipit, I wasn’t aware I was going to make a prophecy about 2013 and application security.

CVE-2012-5664: SQL Injection on Rails... again

2013 looks promising for application security. Two days ago Aaron Patterson, a Rails core member, announced a SQL injection vulnerability in the ActiveRecord ORM included in the Rails framework.

codesake engine and two weeks of BDD development

Two weeks ago, I posted an article about a real-world source code security review. Using regular expressions I was able to spot interesting things over JSP files I was...