ruby – WindowsTechs.com

PRevent: Open-source tool to detect malicious code in pull requests

Posted on February 20, 2025 by Zeljka Zorz

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and… Continue reading PRevent: Open-source tool to detect malicious code in pull requests→

Software Makers Encouraged to Stop Using C/C++ by 2026

Posted on November 4, 2024 by Megan Crouse

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches. Continue reading Software Makers Encouraged to Stop Using C/C++ by 2026→

TIOBE Index News (April 2024): PHP’s Popularity Declining

Posted on April 12, 2024 by Megan Crouse

The top three programming languages – C++, C and Python – remain the same, while Fortran rises. Continue reading TIOBE Index News (April 2024): PHP’s Popularity Declining→

White House Recommends Memory-Safe Programming Languages and Security-by-Design

Posted on March 4, 2024 by Megan Crouse

A new report promotes preventing cyberattacks by using memory-safe languages and the development of software safety standards. Continue reading White House Recommends Memory-Safe Programming Languages and Security-by-Design→

exploiting the scenario and how to generate a secure reset password token

Posted on December 14, 2022 by hanan

I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it is vulnerable.
this is the line of cod… Continue reading exploiting the scenario and how to generate a secure reset password token→

ruby on rails constantize exploitation

Posted on December 5, 2022 by hanan

I was trying to exploit the constantize method in ruby for remote code execution. for example I have this line code:
@mygroups = params[:group][:type].constantize.new(params[:group])

and in the request I sent the following payload:
group%… Continue reading ruby on rails constantize exploitation→

How to exploit and fix dependency vulnerabilities? [closed]

Posted on June 24, 2022 by icdcoffee

I have a vulnerability scanner than detected a security vulnerability in a particular package. Let’s call it package "D@4.0". D@4.0 is used by other dependencies, such as this:
A@1.0 > B@2.0 > C@3.0 > D@4.0.
Typically th… Continue reading How to exploit and fix dependency vulnerabilities? [closed]→

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Posted on May 9, 2022 by Paul Ducklin

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself “Frank”. Continue reading RubyGems supply chain rip-and-replace bug fixed – check your logs!→

Ruby on Rails: Request to http://\localhost/admin/config.php

Posted on April 5, 2022 by Railsana

I got an exception notification for a request from 92.118.39.180:61001 to: http://\localhost/admin/config.php
This is the notification:
——————————-
Request:
——————————-

* URL : http://\local… Continue reading Ruby on Rails: Request to http://\localhost/admin/config.php→

A Ruby Developer’s Life In Kharkiv, Ukraine

Posted on March 17, 2022 by BeauHD

In an interview with The Register, Victor Shepelev, a Ruby developer and software architect who lives in Kharkiv, Ukraine, shares his experience living in a country being invaded by Russia. He hopes that his situation will encourage international polit… Continue reading A Ruby Developer’s Life In Kharkiv, Ukraine→