People finding new uses for Google's Code search engine


Really interesting study on the prevalence of SQL injection

Michael Sutton's Blog : How Prevalent Are SQL Injection Vulnerabilities?
Really interesting study showing that of a sample population of web apps live on the Internet, 11.3% had SQL injection vulnerabilities.
I also thought it was very interesting to see how a combination of the Google API and some relatively simple coding can be turned into a very powerful vulnerability-finding mechanism.
I've been doing some SQL injection work on recent tests and it's amazing how much information you can get from a database through one error message. It's pretty trivial (especially if automated) to enumerate all tables on a database and all databases on a server, assuming (which tends to be the case) that the database server hasn't been hardened and the user being used by the web application hasn't been restricted (again, tends to be the case).
Thinking about it, it's a little surprising that no-one's gone the extra step and done an automation that auto-roots servers with SQL injection vulns... It would be a fair bit harder than a buffer overflow (lots more variables to take account of like differing database servers and differing results from the initial injection allowing different queries to work) but given the reduced efficacy of worms attacking publicly available services (there's not really been a repeat of slammer in recent years) it would seem to be a viable attack path...

Mega Rails cheatsheet

Ruby on Rails Cheat Sheet Collectors Edition
Looks like there's loads of useful info here.

Learn something new... every 30 minutes

Re: (newbie) Why doesn't this line work?
Every time I work on my app, I feel like I learn something new about every 30 minutes...
This time it was that the :confirm parameter on :link_to (which pops up a confirmation box when you click a link) is an HTML option and thus needs syntax like
delete, :id => @item.id}, {:confirm => 'Are you sure?'} %>

Dependant Destruction and the problems with Rails books

Riding Rails: Associations aren't :dependent => true anymore (http://weblog.rubyonrails.com/2006/04/28/associations-arent-dependent-true-anymore/)
Some useful info about how :dependent works in Rails 1.1+. Handy if you've got items that are dependent on one another and want to get rid of the child objects when you delete the parent.
The other part of this post is a continuation of something I touched on before. Ruby on Rails is great, but it really moves too fast for print books. This is a good example.
In my copy of Ruby on Rails: Up and Running, the bit on cascading relationships says that you specify :dependent => :true, however that doesn't work (as I found out when I tried it), cue 10 minutes of searching around for the answer which led to the post above.
Now this is probably the most recent book published about RoR and I only got my copy about 3 weeks ago, but I've found more than a couple of areas which don't match up with my Rails deployment, and I'm not even using Edge Rails!

Google Cheatsheet.

Google Cheat Sheets (Version 1.05)
Interesting. Has all the syntax for google searches on it.

handy validator recipes for rails

Validating Email Addresses, URLs and IP Formats with Regex in Ruby on Rails
Some handy validator recipes which help you set up "validates_format_of" settings on your models.

Seriously Cool - Easy IE on linux

IEs 4 Linux - Internet Explorers for Linux
Now this is mega-cool: an easy script to download and install IE on a Linux box...
This definitely removes one of my few remaining reasons to ever boot into a Windows VM.

XSRF example

Google Cross-site Request Forgery
Cross Site Request Forgery is one of those vulnerability classes that can be a bit tricky to explain, so it's always nice to find a decent live example. This one's pretty harmless, it just changes your Google language preferences, but I reckon that we'll see a real growth in this kind of problem over the next couple of years as "the bad guys"(tm) keep looking for innovative new ways to attack web apps.

Fix for XSS problems with in_place_edit

In_place_edit_for with validation and sanitization
I've started having a look at the little Rails app I'm writing with a security person's hat on, and one of the problems I've run into is that you can't by default use the h() function with an in-place edit control. So this link has a solution for that...
One quirk seemed to be that when I put in the XSS code `</span><script>alert("xss")</script><span>` using in_place_edit it escapes it OK, but then each time I click into the field and then click OK it re-escapes the contents, giving an ever-expanding field...
Still, the main thing is it gets rid of the XSS problem (well, from a security point of view anyway).
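The re-escaping quirk above comes from feeding the already-escaped display text back into the editor as the new stored value. The following is an added Ruby example, not code from this post or from the linked in_place_edit recipe: it simulates that edit cycle with Ruby's CGI.escapeHTML standing in for Rails' h(), and shows an idempotent alternative that keeps the stored value raw and escapes only at render time (the cycle functions and sample payload are constructed for illustration).

```ruby
require 'cgi'

# Constructed sample input: the payload from the post above.
XSS_SAMPLE = '</span><script>alert("xss")</script><span>'

# Stand-in for Rails' h(): escape text for safe inclusion in HTML output.
def h(text)
  CGI.escapeHTML(text.to_s)
end

# Simulates the quirky cycle: the escaped text shown on the page is
# pre-filled into the edit box and saved back as-is, so every save
# escapes the stored value once more and the field keeps growing.
def naive_edit_cycle(raw, saves)
  stored = raw
  saves.times do
    displayed = h(stored)   # what the browser renders
    stored = displayed      # edit box holds the rendered text; user clicks OK
  end
  h(stored)                 # final rendering of the field
end

# Idempotent cycle: the edit box is pre-filled with the raw value, so
# the stored value never changes and escaping happens only on output.
def safe_edit_cycle(raw, saves)
  stored = raw
  saves.times do
    displayed = h(stored)
    edit_box = CGI.unescapeHTML(displayed)  # give the editor the raw text back
    stored = edit_box
  end
  h(stored)
end

# True when the rendered field cannot open a tag, i.e. no raw '<' survived.
def rendered_safe?(rendered)
  !rendered.include?('<')
end
```

Run naive_edit_cycle(XSS_SAMPLE, 3) and safe_edit_cycle(XSS_SAMPLE, 3) side by side to see the growth in the naive version; both outputs are still tag-free, which is why the post calls the quirk harmless from a security point of view.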