- December 25, 2016 | By Jason Yeo
A few days ago, I found a CSRF vulnerability in rails_admin. rails_admin is a Ruby gem that automatically generates administrative interfaces for your models. Interestingly, this vulnerability is similar in nature to the one I found in administrate, a comparable gem. Additionally, past Ruby gems…
- April 10, 2016 | By Jason Yeo
A week ago, a couple of security researchers warned about unverified TLS certificates in the SSL libraries of some programming languages. You may read more on their blog. In summary, they found that none of the languages they tested check whether a certificate has been revoked, and languages like Python and PHP do not…
- April 5, 2016 | By Jason Yeo
Most Rails applications use a bunch of gems. Some of these gems are Rails engines; Devise, Shoppe and RailsAdmin are examples. Simply put, an engine is a mini Rails application. When you include an engine in your Rails application, you are actually including an…
- March 29, 2016 | By Jason Yeo
Cross-site request forgery (CSRF) protection has been around in the form of protect_from_forgery since Rails 2, but somehow it is also the most misunderstood feature in the Rails community. To many Rails developers, the protection seems like magic, and so the details of how it works are ignored…
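To make the mechanism behind protect_from_forgery concrete, here is a self-contained illustration of the masked authenticity-token scheme it relies on. This is an added example, not code from the post or from Rails itself (the real implementation lives in ActionController::RequestForgeryProtection); the `session[:_csrf_token]` key, raw-byte storage of the secret and the helper names are assumptions made for the illustration. A per-session secret is generated once; every form gets a different token, built as a random one-time pad concatenated with the pad XOR the secret; verification strips the pad and compares the result with the session secret in constant time.

```ruby
require 'securerandom'

# Added illustration of Rails-style CSRF token masking and verification.
# Not Rails' own code; session key and helper names are assumptions.

TOKEN_LENGTH = 32 # bytes of raw secret, the length Rails uses

# The raw secret is created once and stored in the session.
def new_session_token
  SecureRandom.random_bytes(TOKEN_LENGTH)
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# A fresh pad per form means the token bytes differ on every response,
# which is what defeats compression side channels such as BREACH.
def mask_token(raw_token)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  [pad + xor_bytes(pad, raw_token)].pack('m0') # strict base64
end

# Returns the raw secret hidden in a masked token, or nil if the
# submitted value is malformed (bad base64 or wrong length).
def unmask_token(masked)
  bytes = masked.unpack1('m0')
  return nil unless bytes.bytesize == TOKEN_LENGTH * 2
  pad = bytes.byteslice(0, TOKEN_LENGTH)
  xor_bytes(pad, bytes.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
rescue ArgumentError
  nil
end

# Constant-time comparison so the check does not leak how many leading
# bytes matched (same idea as ActiveSupport::SecurityUtils.secure_compare).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The check a non-GET request must pass: a missing session secret or a
# missing/garbled token is a failure, never a pass.
def valid_authenticity_token?(session, submitted)
  secret = session[:_csrf_token]
  return false if secret.nil? || submitted.nil?
  raw = unmask_token(submitted)
  !raw.nil? && secure_compare(raw, secret)
end

if __FILE__ == $PROGRAM_NAME
  session = { _csrf_token: new_session_token }
  form_token = mask_token(session[:_csrf_token])
  puts "token accepted: #{valid_authenticity_token?(session, form_token)}"
  forged = mask_token(new_session_token) # attacker cannot know the secret
  puts "forged token accepted: #{valid_authenticity_token?(session, forged)}"
end
```

The forged-token case is the whole point: an attacker's page can make the victim's browser send a POST with the session cookie, but it cannot read the secret out of the victim's session, so it cannot produce a token that unmasks to it. Note that the check must run for every state-changing action; the rails_admin and administrate findings above are about engines whose controllers do not pick up the host application's protect_from_forgery.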