Entries from April 2008
ImageMagick security advisory
April 20th, 2008 · No Comments
A security advisory has been released for libpng, the "official PNG reference library". Libpng is used by ImageMagick, "a software suite to create, edit, and compose bitmap images". Some Rails applications use it to convert, resize or to create thumbnails. The original security advisory was issued by oCERT:
Applications using libpng that install […]
My talk at the RubyFools Conference
April 10th, 2008 · No Comments
Here are my slides for my talk at the RubyFools Conference in Copenhagen, home of Rails. It was about advanced Rails security topics, including:
Injection in different contexts
Whitelists vs. Blacklists
Cross-Site Reference Forgery (CSRF)
Intranet and Admin security
Session fixation
Login security
User management
CookieStore
Working with files
The idea of negative CAPTCHAs
Slides at Slideshare
Link to the slides
(You can even recommend me)
Tags: Rails · WebAppSec · XSS and Rails
[WebAppSec] The idea of negative CAPTCHAs
April 4th, 2008 · 5 Comments
Spam and automatic submitters really are a problem. One idea to defend against them is CAPTCHAs. CAPTCHAs are noisy images, and the user (usually) has to recognize the text in the image and enter it in a field. Although some weak algorithms are already broken, this is a good way to keep junk content away. But […]
Tags: WebAppSec





