HackDig : Dig high-quality web security articles for hackers

Quick way to view ruby gems

This post is a very short and very simple tip for easily opening a Ruby gem up for closer inspection. When reviewing a Rails or Sinatra application (code review), it sometimes becomes necessary to view the libraries (Ruby gems) that an application is including and using. Instead of navigating to the ~/.rvm/gems/<version>@<gemset name> direct
Publish At:2014-08-12 02:15 | Read:2390 | Comments:0 | Tags:cktricky

Bundler-Audit -> Auditing your RubyGems

Ruby applications that utilize a Gemfile/Gemfile.lock, file(s) that contain the list of Ruby gems an application should use along with their respective version number, can now be audited to determine if those libraries are vulnerable. Credit to postmodern for developing the auditing gem and also to RubySec for creating the ruby-adviso
Publish At:2014-08-12 02:15 | Read:4169 | Comments:0 | Tags:cktricky

Rails - Guard, Brakeman, and Bundler-Audit

Thanks to the efforts of Justin Collins (@presidentbeef - Brakeman) and Hal Brodigan (@postmodern_mod3 - Bundler-Audit), Rails developers (and Sinatra) can use these two tools in tandem with Guard to protect their applications while under development. For those who aren't familiar, Guard was designed to run while you are developing, when you save a fil
Publish At:2014-08-12 02:15 | Read:3772 | Comments:0 | Tags:cktricky