The Armored Code
A blog talking about offensive and defensive security and how to craft software in a secure way
CVE-2012-5664: SQL Injection on Rails... again
2013 looks promising for application security. Two days ago Aaron Patterson, a Rails core member, announced a SQL injection vulnerability in the ActiveRecord ORM included in the Rails framework.
04 Jan 2013
codesake engine and two weeks of BDD development
Two weeks ago, I posted an article about a real world source code security review. Using regular expressions I was able to spot interesting things over JSP files I was...
23 Dec 2012
Bypassing HTTP Basic Authentication in PHP application nominated as hacking technique for 2012
Authentication is a cool topic in application security research nowadays. Last April I posted about a real-world security assessment of a friend of mine's PHP-powered portal.
13 Dec 2012
Driven by real world task: code reviewing JSP using regular expressions
Nothing but solving a real-world problem can help a piece of software evolve.
03 Dec 2012
Use the Nexpose API to automate report generation and download
In a previous post I talked about the Rapid7 Nexpose vulnerability assessment tool and how you can write some Ruby code to search a server by IP address.
30 Nov 2012
Crafting an authentication subsystem that rocks for your Padrino application with Omniauth
Next time you point your browser to a /login URL, wait a minute before submitting your credentials. There is a complex system you’re going to use when you submit that...
21 Nov 2012