Attacking Ruby on Rails

I want to share an interesting reading that I noticed when searching Mr. G for Ruby security. I still haven't finished reading it because of a lack of time, but this weekend it will be on my to-do list. Paper: http://phrack.org/papers/attacking_ruby_on_rails.html

Bug Hunter Appreciation Programs

Interesting reading about security bug bounties written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You've got to love this part: It is my view that we shouldn't call them "Bug Bounty Programs"; I would like them to be called "Bug Hunter Appreciation Programs". I don't like the term "Bug Bounty", because bounty sounds a lot like it's money…

Yahoo! and other sites vulnerable to Open Redirect

A couple of Portuguese security researchers published an article about a vulnerability in LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located in a vulnerable version of Express, the Node.js web application framework. So with a simple modification of the URL you get an Open Redirect…