SlideShare a Scribd company logo

Ruby and Framework Security

Download as PPTX, PDF
Creston Jamison
Creston Jamison

I discuss how to keep up to date on the security disclosures for Ruby and frameworks such as Rails and Sinatra. I cover all the different places to receive notifications for all of the services in my application stack.

Software
1 of 7
Ruby & Framework Security Creston Jamison Ruby Tree Software, Inc.
Security???  Heartbleed  Shellshock  Poodle  Drupal SQL injection vulnerability – compromised within hours  Next?
Up to date on your stack?  OS + services?  Database?  Web server?  Ruby?  Rails / Sinatra?  Gems?
Example Stack  Ubuntu: https://lists.ubuntu.com/mailman/listinfo/ubuntu -security-announce  Ruby: https://groups.google.com/forum/#!forum/ruby-security- ann  Rails: https://groups.google.com/forum/#!forum/ruby onrails-security  Nginx: http://forum.nginx.org/list.php?27  Postgres: http://www.postgresql.org/support/security/
Gems?  Check them all?  Use ‘gem outdated’  Discussion on signing but no notification: http://guides.rubygems.org/security/  http://www.rubysec.com/  https://gemcanary.com/
What about your code?  Brakeman: http://brakemanscanner.org/
Questions? Creston Jamison @crestonjamison creston.jamison@rubytreesoftware.com

Recommended

Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היום
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היוםהעתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היום
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היוםRonny Orbach
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Vladyslav Radetsky
 
Jersey Aquarium Paris
Jersey Aquarium ParisJersey Aquarium Paris
Jersey Aquarium ParisAlexis Moussine-Pouchkine
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015Adam Baldwin
 
RBAC in Swift
RBAC in SwiftRBAC in Swift
RBAC in SwiftHisashiOsanai
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseAdam Baldwin
 

Recommended

Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSAnant Shrivastava
 
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היום
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היוםהעתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היום
העתיד כבר כאן - שימוש בטכנולוגיות החדשות כבר היוםRonny Orbach
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.Vladyslav Radetsky
 
Jersey Aquarium Paris
Jersey Aquarium ParisJersey Aquarium Paris
Jersey Aquarium ParisAlexis Moussine-Pouchkine
 
Nodevember 2015
Nodevember 2015Nodevember 2015
Nodevember 2015Adam Baldwin
 
RBAC in Swift
RBAC in SwiftRBAC in Swift
RBAC in SwiftHisashiOsanai
 
Node Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseNode Day - Node.js Security in the Enterprise
Node Day - Node.js Security in the EnterpriseAdam Baldwin
 
A few words on WordPress security
A few words on WordPress securityA few words on WordPress security
A few words on WordPress securityPieter Daalder
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Franziska Buehler
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security🏆Ruben Cocheno💭
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centosJames Jara
 
Node.JS security
Node.JS securityNode.JS security
Node.JS securityDeepu S Nath
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linuxJames Jara
 
Ssl slides
Ssl slidesSsl slides
Ssl slidesregnak2012
 
Install oracle oam web gate on windows
Install oracle oam web gate on windowsInstall oracle oam web gate on windows
Install oracle oam web gate on windowsOsama Mustafa
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Advanced mainframe hacking
Advanced mainframe hackingAdvanced mainframe hacking
Advanced mainframe hackingPhilip Young
 
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionAmazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionHayato Kiriyama
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!Maciej Lasyk
 
Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016Philip Young
 
Get Started ZF3
Get Started ZF3Get Started ZF3
Get Started ZF3Juliano Santos
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linuxOsama Mustafa
 
PHP {in}security
PHP {in}securityPHP {in}security
PHP {in}securityMichael Clark
 
SpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud GatewaySpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud GatewayVMware Tanzu
 
What’s new in cas 4.2
What’s new in cas 4.2 What’s new in cas 4.2
What’s new in cas 4.2 Misagh Moayyed
 
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesJoomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesNicholas Dionysopoulos
 
Petit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 EurositesPetit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 EurositesHervé Leclerc
 
Ruby Daemons
Ruby DaemonsRuby Daemons
Ruby DaemonsCreston Jamison
 

More Related Content

What's hot

A few words on WordPress security
A few words on WordPress securityA few words on WordPress security
A few words on WordPress securityPieter Daalder
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Franziska Buehler
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security🏆Ruben Cocheno💭
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centosJames Jara
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linuxJames Jara
 
Install oracle oam web gate on windows
Install oracle oam web gate on windowsInstall oracle oam web gate on windows
Install oracle oam web gate on windowsOsama Mustafa
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Advanced mainframe hacking
Advanced mainframe hackingAdvanced mainframe hacking
Advanced mainframe hackingPhilip Young
 
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionAmazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionHayato Kiriyama
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!Maciej Lasyk
 
Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016Philip Young
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linuxOsama Mustafa
 
SpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud GatewaySpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud GatewayVMware Tanzu
 
What’s new in cas 4.2
What’s new in cas 4.2 What’s new in cas 4.2
What’s new in cas 4.2 Misagh Moayyed
 
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesJoomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesNicholas Dionysopoulos
 

What's hot (20)

A few words on WordPress security
A few words on WordPress securityA few words on WordPress security
A few words on WordPress security
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centos
 
Node.JS security
Node.JS securityNode.JS security
Node.JS security
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linux
 
Ssl slides
Ssl slidesSsl slides
Ssl slides
 
Install oracle oam web gate on windows
Install oracle oam web gate on windowsInstall oracle oam web gate on windows
Install oracle oam web gate on windows
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On Linux
 
Advanced mainframe hacking
Advanced mainframe hackingAdvanced mainframe hacking
Advanced mainframe hacking
 
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL AdoptionAmazon CloudFront Seminar Accelerated TLS/SSL Adoption
Amazon CloudFront Seminar Accelerated TLS/SSL Adoption
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!
 
Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016Philip young current state of mainframe hacking - vanguard - 101016
Philip young current state of mainframe hacking - vanguard - 101016
 
Get Started ZF3
Get Started ZF3Get Started ZF3
Get Started ZF3
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linux
 
PHP {in}security
PHP {in}securityPHP {in}security
PHP {in}security
 
SpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud GatewaySpringOne Tour Denver - Spring Cloud Gateway
SpringOne Tour Denver - Spring Cloud Gateway
 
What’s new in cas 4.2
What’s new in cas 4.2 What’s new in cas 4.2
What’s new in cas 4.2
 
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sitesJoomla! Day Poland 2012 - Active Security for Joomla! sites
Joomla! Day Poland 2012 - Active Security for Joomla! sites
 

Viewers also liked

Petit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 EurositesPetit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 EurositesHervé Leclerc
 
Retour d'expérience sur Capistrano
Retour d'expérience sur CapistranoRetour d'expérience sur Capistrano
Retour d'expérience sur CapistranoOxalide
 
Happy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCHappy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCLudovic A
 
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCRetour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCLudovic A
 
Deploiement continu AgileFfrance 2011
Deploiement continu AgileFfrance 2011Deploiement continu AgileFfrance 2011
Deploiement continu AgileFfrance 2011Claude Falguiere
 
GitHub - Présentation
GitHub - PrésentationGitHub - Présentation
GitHub - PrésentationDavid RIEHL
 
Découvrir et utiliser Git : le logiciel de gestion de versions décentralisé
Découvrir et utiliser Git : le logiciel de gestion de versions décentraliséDécouvrir et utiliser Git : le logiciel de gestion de versions décentralisé
Découvrir et utiliser Git : le logiciel de gestion de versions décentraliséECAM Brussels Engineering School
 
Git pour les (pas si) nuls
Git pour les (pas si) nulsGit pour les (pas si) nuls
Git pour les (pas si) nulsMalk Zameth
 
Industrialisez vos projets Php
Industrialisez vos projets Php Industrialisez vos projets Php
Industrialisez vos projets Php ALTER WAY
 
2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShare2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShareSlideShare
 
What to Upload to SlideShare
What to Upload to SlideShareWhat to Upload to SlideShare
What to Upload to SlideShareSlideShare
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShareSlideShare
 

Viewers also liked (14)

Petit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 EurositesPetit DéJeuner Industrialisation 13 10 2011 Eurosites
Petit DéJeuner Industrialisation 13 10 2011 Eurosites
 
Ruby Daemons
Ruby DaemonsRuby Daemons
Ruby Daemons
 
Retour d'expérience sur Capistrano
Retour d'expérience sur CapistranoRetour d'expérience sur Capistrano
Retour d'expérience sur Capistrano
 
Capistrano 3 Deployment
Capistrano 3 DeploymentCapistrano 3 Deployment
Capistrano 3 Deployment
 
Happy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCHappy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMC
 
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCRetour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
 
Deploiement continu AgileFfrance 2011
Deploiement continu AgileFfrance 2011Deploiement continu AgileFfrance 2011
Deploiement continu AgileFfrance 2011
 
GitHub - Présentation
GitHub - PrésentationGitHub - Présentation
GitHub - Présentation
 
Découvrir et utiliser Git : le logiciel de gestion de versions décentralisé
Découvrir et utiliser Git : le logiciel de gestion de versions décentraliséDécouvrir et utiliser Git : le logiciel de gestion de versions décentralisé
Découvrir et utiliser Git : le logiciel de gestion de versions décentralisé
 
Git pour les (pas si) nuls
Git pour les (pas si) nulsGit pour les (pas si) nuls
Git pour les (pas si) nuls
 
Industrialisez vos projets Php
Industrialisez vos projets Php Industrialisez vos projets Php
Industrialisez vos projets Php
 
2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShare2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShare
 
What to Upload to SlideShare
What to Upload to SlideShareWhat to Upload to SlideShare
What to Upload to SlideShare
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShare
 

Similar to Ruby and Framework Security

DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...Fedir RYKHTIK
 
Drupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, ScalingDrupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, Scalingsmattoon
 
Drupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from SunDrupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from Sunsmattoon
 
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - MattoonDrupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoonsmattoon
 
Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019James Bromberger
 
Shmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security BriefShmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security Briefopenfly
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriDocker, Inc.
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Vincent Batts
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]Alex Pruden
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Rod Soto
 
Why Sun for Drupal?
Why Sun for Drupal?Why Sun for Drupal?
Why Sun for Drupal?smattoon
 
Serverless security: defence against the dark arts
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark artsYan Cui
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...CODE BLUE
 
Deploying JRuby Web Applications
Deploying JRuby Web ApplicationsDeploying JRuby Web Applications
Deploying JRuby Web ApplicationsJoe Kutner
 
Open Ha Cluster
Open Ha ClusterOpen Ha Cluster
Open Ha Clustermarx wang
 

Similar to Ruby and Framework Security (20)

DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
 
Drupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, ScalingDrupal Efficiency - Coding, Deployment, Scaling
Drupal Efficiency - Coding, Deployment, Scaling
 
Drupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from SunDrupal Efficiency using open source technologies from Sun
Drupal Efficiency using open source technologies from Sun
 
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - MattoonDrupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
Drupal Deployment on Solaris - DrupalCamp Bay Area 2007 - Mattoon
 
Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019
 
Shmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security BriefShmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security Brief
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
 
Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]Slackware Demystified [SELF 2011]
Slackware Demystified [SELF 2011]
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms
 
Why Sun for Drupal?
Why Sun for Drupal?Why Sun for Drupal?
Why Sun for Drupal?
 
Serverless security: defence against the dark arts
Serverless security: defence against the dark artsServerless security: defence against the dark arts
Serverless security: defence against the dark arts
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
 
Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
 
Deploying JRuby Web Applications
Deploying JRuby Web ApplicationsDeploying JRuby Web Applications
Deploying JRuby Web Applications
 
Open Ha Cluster
Open Ha ClusterOpen Ha Cluster
Open Ha Cluster
 

Recently uploaded

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

Ruby and Framework Security

  • 1. Ruby & Framework Security Creston Jamison Ruby Tree Software, Inc.
  • 2. Security???  Heartbleed  Shellshock  Poodle  Drupal SQL injection vulnerability – compromised within hours  Next?
  • 3. Up to date on your stack?  OS + services?  Database?  Web server?  Ruby?  Rails / Sinatra?  Gems?
  • 4. Example Stack  Ubuntu: https://lists.ubuntu.com/mailman/listinfo/ubuntu -security-announce  Ruby: https://groups.google.com/forum/#!forum/ruby-security- ann  Rails: https://groups.google.com/forum/#!forum/ruby onrails-security  Nginx: http://forum.nginx.org/list.php?27  Postgres: http://www.postgresql.org/support/security/
  • 5. Gems?  Check them all?  Use ‘gem outdated’  Discussion on signing but no notification: http://guides.rubygems.org/security/  http://www.rubysec.com/  https://gemcanary.com/
  • 6. What about your code?  Brakeman: http://brakemanscanner.org/
  • 7. Questions? Creston Jamison @crestonjamison creston.jamison@rubytreesoftware.com