Ruby and JavaScript 2015 Class Schedule

Our class schedule is set for the remainder of 2015. We will be teaching JavaScript Applications and Ruby several more times this year at Eleven Fifty.

The dates for the JavaScript Applications course are as follows:

  • May 16-22
  • August 15-21
  • November 7-13

The dates for Ruby/Ruby on Rails are as follows:

  • May 2-8
  • July 11-17
  • October 24-30

I talked about Eleven Fifty on Inside Indiana Business a while back. Check it out!

Clip from Inside Indiana Business

Dave Strus on Inside Indiana Business


Exploit your Rails application with Metasploit

Last month, we published an article on Static Security Analysis of your Ruby and Rails applications, but what about the other side of the coin, live application scanning and exploitation?

Metasploit is a very popular tool for doing both good and evil. It is a penetration testing tool for insecure systems and also an exploit delivery mechanism for those who might not have the best intentions at heart. However, it is a powerful tool that we can use to check our servers and applications for known exploitable security issues (hopefully before others beat us to it)!

Keep reading »


One weird trick to keep your Rails application away from prying eyes during development.

Hackers HATE it.

Have you ever stopped to consider that running

    rails server

in development mode is a security risk?

Let’s say you are grooving on some Rails code in a coffee shop or co-working space and fire up rails server, as you do.

Whoa buddy, put the brakes on! Anyone on that network can now potentially see what you are doing, or even interfere with your dev process by visiting your computer’s IP address with a web browser.

Keep reading…


Static Security Analysis of your Ruby and Rails Applications

The Ruby community is blessed with a number of great tools that look over your code and report back with actionable steps you can take to secure your application against internet threats.

The tools we are looking at in this post use a fancy technique called Static Analysis, which means that they don’t actually run your code, but look for patterns, like params being used in strings that are passed to your database in an unsafe way, even if they are stored in another variable first.

This is a great way to get visibility into the security threats hiding in your application.

Let’s talk about a few of them.

Keep reading…
