The OWASP (Open Web Application Security Project) Community publishes a list of the top 10 biggest internet security risks every year. This post will cover them and also give a demonstration of each one. All the code for the demonstrations is open source. Feel free to fork and add your own demonstrations!
In production code you would most likely use a library for access control, such as CanCanCan.
This vulnerability is concerned with flaws in the login and session handling process, such as allowing brute force or other automated attacks, allowing weak passwords, knowledge-based answers for password recovery, or exposure of the session identifier in the URL. For our demonstration we want to brute force an account on /insecure-login. The brute force code is on [GitHub](https://github.com/aneshodza/rails-bruter.py). If we execute it, it will open an instance of the browser and try to brute force the password. When it finds the correct password it writes that into passwords.txt. Anyone building a web app should prevent this, for example by limiting the number of login attempts a person can make or by implementing a captcha.
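The attempt limit mentioned above, as an added example that is not code from the post or its repository: a per-account login throttle that a Rails sessions controller could consult before checking the password. The names (LoginThrottle, attempt_login, USERS) are hypothetical, and the plain-text password check stands in for has_secure_password.

```ruby
# Added example, not from the post's repository. LoginThrottle, attempt_login
# and USERS are hypothetical names; the password check is a stand-in for
# has_secure_password. Lock an account after MAX_FAILURES failures in WINDOW.
class LoginThrottle
  MAX_FAILURES = 5        # failed attempts tolerated inside the window
  WINDOW       = 15 * 60  # seconds a failure is remembered
  LOCKOUT      = 15 * 60  # seconds the account stays locked after the limit
  # The clock is injectable so the behaviour can be tested without sleeping.
  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @failures = Hash.new { |h, k| h[k] = [] }  # account => failure timestamps
    @locked_until = {}                         # account => unix time of unlock
  end

  def locked?(account)
    unlock_at = @locked_until[account]
    !unlock_at.nil? && @clock.call < unlock_at
  end

  # Remember a failure; lock the account once MAX_FAILURES fall inside WINDOW.
  def record_failure(account)
    now = @clock.call
    recent = @failures[account].select { |t| now - t < WINDOW }
    @failures[account] = recent << now
    @locked_until[account] = now + LOCKOUT if recent.size >= MAX_FAILURES
  end

  # A successful login clears the account's failure history.
  def record_success(account)
    @failures.delete(account)
    @locked_until.delete(account)
  end
end
# Constructed user store for the demo (plain text only to keep the example short).
USERS = { 'alice' => 'correct horse battery staple' }.freeze

# Returns :locked, :bad_credentials or :ok. Unknown accounts are throttled the
# same way as real ones so the response does not reveal which accounts exist.
def attempt_login(throttle, account, password)
  return :locked if throttle.locked?(account)
  if USERS[account] == password
    throttle.record_success(account)
    :ok
  else
    throttle.record_failure(account)
    :bad_credentials
  end
end
```

A captcha after the first few failures is the complementary control: it slows the automated client down without locking the real owner out.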