- May 16-22
- August 15-21
- November 7-13
The dates for Ruby/Ruby on Rails are as follows:
- May 2-8
- July 11-17
- October 24-30
I talked about Eleven Fifty on Inside Indiana Business a while back. Check it out!
Dave Strus on Inside Indiana Business
Last month, we published an article on Static Security Analysis of your Ruby and Rails applications, but what about the other side of the coin: live application scanning and exploitation?
Metasploit is a very popular tool for doing both good and evil. It is a penetration testing tool for insecure systems and also an exploit delivery mechanism for those who might not have the best intentions at heart. However, it is a powerful tool that we can use to check our servers and applications for known exploitable security issues (hopefully before others beat us to it)!
Hackers HATE it.
Have you ever stopped to consider that running in development mode is a security risk?
Let’s say you are grooving on some Rails code in a coffee shop or co-working space and fire up rails server, as you do.
Whoa buddy, put the brakes on! Anyone on that network can now potentially see what you are doing, or even interfere with your dev process by visiting your computer’s IP address with a web browser.
The Ruby community is blessed with a number of great tools to look over your code, and report back to you with actionable stuff that you can do to secure your application against internet threats.
The tools we are looking at in this post are those that use a fancy technique called Static Analysis, which means that they don’t actually run your code, but look for patterns, like params being used in strings that are passed to your database in an unsafe way, even if they are stored in another variable first.
This is a great way to get visibility into the security threats hiding in your application.
Let’s talk about a few of them.