Oct 5th, 2006

Category: Web Security

Really interesting study on the prevalence of SQL injection

Michael Sutton’s Blog : How Prevalent Are SQL Injection Vulnerabilities? Really interesting study showing that, of a sample population of web apps live on the Internet, 11.3% had SQL injection vulnerabilities. I also thought it was very interesting to see how a combination of the Google API and some relatively simple coding can be turned into […]

Sep 28th, 2006

Category: Ruby On Rails

Learn something new… every 30 minutes

Re: (newbie) Why doesn’t this line work? Every time I work on my app I feel like I learn something new about every 30 minutes… this time it was that the :confirm parameter on link_to (which pops up a confirmation box when you click a link) is an HTML option and thus needs syntax like […]

Sep 28th, 2006

Category: Ruby On Rails

Dependent Destruction and the problems with Rails books

Riding Rails: Associations aren’t :dependent => true anymore (http://weblog.rubyonrails.com/2006/04/28/associations-arent-dependent-true-anymore/). Some useful info about how :dependent works in Rails 1.1+. Handy if you’ve got items that are dependent on one another and want to get rid of the child objects when you delete the parent. The other part of this post is a continuation […]

Sep 26th, 2006

Category: Linux

Seriously Cool – Easy IE on linux

IEs 4 Linux – Internet Explorers for Linux. Now this is mega-cool: an easy script to download and install IE on a Linux box… This definitely removes one of my few remaining reasons to ever boot into a Windows VM.

Sep 26th, 2006

Category: Web Security

XSRF example

Google Cross-site Request Forgery. Cross-Site Request Forgery is one of those vulnerability classes that can be a bit tricky to explain, so it’s always nice to find a decent live example. This one’s pretty harmless, it just changes your Google language preferences, but I reckon that we’ll see a real growth in this kind of […]

Sep 20th, 2006

Category: Ruby On Rails

Fix for XSS problems with in_place_edit

In_place_edit_for with validation and sanitization. I’ve started looking at the little Rails app I’m writing with a security person’s hat on, and one of the problems I’ve run into is that you can’t, by default, use the h() function with an in-place edit control. So this link has a solution for that… […]