Questions tagged [ruby]

51 questions
3 votes, 0 answers

How does the Ruby on Rails CSRF Protection Work?

I am not sure I completely understand how Ruby on Rails handles CSRF protection. My understanding was that a token is generated and embedded in the HTML markup as a meta tag, and at the same time encrypted in the session cookie. When performing a…
daniel f.
3 votes, 3 answers

Plain text Rails environment variables and security

I work for a healthcare company that emphasizes security, due to the sensitivity of the data that we work with. Recently, we've been doing a lot of auditing (internal and external) of our current "stack" to ensure that we're compliant with various…
RonMexico
3 votes, 1 answer

Possibility of SQLI in the following request?

I was testing a web application written in Ruby (Rails framework) when I stumbled on the following request which was sent. I modified the request and now it displays part of an SQL query to me. I am not familiar with SQL in Ruby, so…
Dhayalan Pro
2 votes, 1 answer

Can we join a table in this Ruby on Rails Direct Object Reference?

I am trying to inject a RoR application... I have found a nice command which will allow me to delete things unchecked... but the problem is that it's not a problem, it's a very minor point; to make it a problem, is there any way I can inject a command to…
TheHidden
2 votes, 1 answer

How does CVE-2013-4287 make Rubygems any more vulnerable?

I've recently heard about CVE-2013-4287, which can cause denial of service due to CPU consumption. But earlier this year, I attended Hacking with Gems which showed all kinds of weird and wonderful things a hacker could do with a malicious gem. If a…
Andrew Grimm
2 votes, 1 answer

How to verify Ruby on Rails projects are at current patch levels?

I've got a few Ruby on Rails systems running Ubuntu 14.04 LTS. The Ubuntu version of supported Ruby is 1.9.1, but the developers use a Gemfile and Bundler which (AFAIK) installs Ruby (and gems) out-of-band from the OS updates to allow different…
Server Fault
2 votes, 0 answers

Arp Spoofing detection with Ruby

I am planning to develop a Ruby script that detects ARP spoofing attacks on a local network. I have a few questions about it. There are three scenarios I am taking into consideration: the first idea, as always, is a basic idea. If ARP poisoning is…
2 votes, 0 answers

What is the purpose of OpenSSL::X509::ExtensionFactory

Why does the Ruby standard library suggest creating a factory and only then adding extensions to a certificate? ef = OpenSSL::X509::ExtensionFactory.new ef.subject_certificate = our_cert ef.issuer_certificate =…
srghma
2 votes, 1 answer

Restriction to ui panel on BeEF+Bettercap generates error login

I'm not sure if I discovered a possible bug. I already reported it to Bettercap's staff on Bettercap's GitHub, but as you can see on that link, it seems the problem is not on Bettercap's side. Maybe it is a BeEF bug, or I am missing something...…
OscarAkaElvis
2 votes, 1 answer

Is Ruby's SQL Injection protection enough to warrant not using additional security measures?

In my experience, SQL Injection is always a threat. If bad actors don't penetrate via SQL, they get enough data to launch bruteforces via MBASentry or do privilege escalation via scripts. However, I browse e-mercenary sites like…
2 votes, 0 answers

Token based authentication: Why invalidate the token after each request?

I use the gem devise_token_auth while developing an API for a mobile app. The authors claim that: Tokens should be invalidated after each request to the API. This behavior is enabled by default. Can someone explain why? The perfect answer will…
rdupz
2 votes, 1 answer

AES encryption between Java and Ruby: what is the default mode and padding for AES in Java?

I'm writing a Ruby app that needs to create some encryption that our Java app needs to be able to decrypt. For this I have done some research, and I have this Java code now: Cipher cipher = Cipher.getInstance("AES"); While the doc says the…
cfernandezlinux
1 vote, 1 answer

Implement GPG Verification (Bitcoin-OTC)

I'm looking to implement a "Verify with Bitcoin-OTC" feature for my web app. The general idea is the user would prove he owns a particular account on the external site Bitcoin-OTC and my app would accept/deny him based on his rating there. Here's…
Maros
1 vote, 1 answer

Checking if current user exists before executing code

In one of my controllers I have this method: def method_name if current_user @model = Model.find(params[:id]) if @model.destroy flash.alert = 'Model deleted successfully' redirect_to models_path end end …
1 vote, 2 answers

What is an XML round trip vulnerability?

I keep hearing about the XML round trip vulnerability in version 3.2.4 of the Ruby package REXML. I looked into it myself, of course, and it seems to have something to do with parsing an XML document, then putting it back into XML again, and it…
Alex V