Find cross-site scripting errors in your Bluemix application with AppScan Dynamic Analyzer

In this short demo video, Ori Pomerantz shows a Bluemix
application that has a cross-site scripting error in it. Then he
shows how to add the AppScan Dynamic Analyzer service to the
application and run a scan. He shows that the scan report
detects the cross-site scripting error and provides guidance on
how to fix it.


IBM Security AppScan Standard: Scan and analyze results

This is a summary guide to getting started scanning for web application
vulnerabilities with IBM Security AppScan Standard Edition and analyzing the results.
Watch a video demonstration to learn how to configure AppScan for a dynamic scan of a
new application. Follow a case study that demonstrates using AppScan Standard to scan
and test two web applications. Watch a five-step process to help you analyze the
results of your scan. Then watch a real-life scenario in which AppScan Standard is
used (with AppScan Source) to establish embedded security analysis. A bonus is also
included: An AppScan Standard guide to testing mobile applications.


Why software quality assurance and IT security need to work together

This article describes a new approach to security, with the software
development and software quality assurance teams working together to be
considerably more effective. It explains how quality assurance processes can
help IT be more secure and how IT security can help secure the test
environment more efficiently. Readers will also learn how to incorporate
security testing better into the software development life cycle.


Seeing Past Trojan.Hydraq’s Obfuscation

While Trojan.Hydraq has been described as sophisticated, the methods used to obfuscate the code are relatively straightforward to deobfuscate. Trojan.Hydraq has spaghetti code, which is a technique used to make analyzing the code of a program more difficult. The basic blocks of a function are identified, and then completely rearranged so one cannot easily follow the code in a linear fas
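The technique named above can be shown end to end on a small listing. What follows is an added example, not Symantec's code and not code recovered from Trojan.Hydraq: the block labels, mnemonics and the function itself are constructed to mimic the pattern described (a function cut into basic blocks that are scattered in the binary and re-chained with unconditional jumps, with pure `jmp` trampolines in between), and `unspaghetti()` stitches the pieces back into linear order by following each joining jump once and dropping it.

```python
"""Stitch scattered basic blocks back into straight-line code.

Added example (not Symantec's code, not code lifted from Trojan.Hydraq): the
listing is constructed to mimic the pattern the post describes, a function cut
into basic blocks that are scattered and re-chained with unconditional jumps.
"""
import re

Block = tuple[str, list[str]]            # (label, instructions in order)
_JMP = re.compile(r"^jmp\s+(\S+)$")
_JCC = re.compile(r"^j[a-z]+\s+(\S+)$")  # jz/jnz/jle/...; tested after _JMP

# Constructed listing in byte order; labels and mnemonics are invented.
# loc_401030/loc_401060 are pure trampolines; loc_401050 falls through into
# loc_401060 when its jz is not taken.
SPAGHETTI: list[Block] = [
    ("loc_401000", ["push ebp", "mov ebp, esp", "jmp loc_401050"]),
    ("loc_401010", ["pop ebp", "ret"]),
    ("loc_401020", ["mov eax, [eax]", "jmp loc_401010"]),
    ("loc_401030", ["jmp loc_401020"]),
    ("loc_401040", ["xor eax, eax", "jmp loc_401010"]),
    ("loc_401050", ["mov eax, [ebp+8]", "test eax, eax", "jz loc_401040"]),
    ("loc_401060", ["jmp loc_401030"]),
]


def terminator(instrs: list[str]) -> tuple[str, str]:
    """Return ('jmp'|'jcc', target), ('ret', '') or ('fall', '') for a run-on block."""
    last = instrs[-1]
    for kind, rx in (("jmp", _JMP), ("jcc", _JCC)):
        m = rx.match(last)
        if m:
            return kind, m.group(1)
    return ("ret", "") if last.startswith("ret") else ("fall", "")


def unspaghetti(blocks: list[Block], entry: str) -> list[str]:
    """Linear listing: joining jmps are followed once and dropped; conditional
    branches, back edges and shared tails keep their labels."""
    code = dict(blocks)
    order = [lbl for lbl, _ in blocks]
    nxt = dict(zip(order, order[1:] + [""]))   # physical fallthrough successor

    def resolve(lbl: str) -> str:
        """Skip a chain of blocks that each consist of one direct jmp."""
        seen: set[str] = set()
        while lbl in code and lbl not in seen and len(code[lbl]) == 1:
            m = _JMP.match(code[lbl][0])
            if not m or m.group(1) not in code:
                break                     # indirect jmp: a real branch, keep it
            seen.add(lbl)
            lbl = m.group(1)
        return lbl

    # Predecessor counts after trampoline removal: a block with one predecessor
    # is pasted after it; one reached from several places keeps its label.
    preds = {lbl: 0 for lbl in code}
    for lbl in code:
        if resolve(lbl) != lbl:           # trampolines are dead once threaded
            continue
        kind, tgt = terminator(code[lbl])
        edges = [resolve(tgt)] if kind in ("jmp", "jcc") else []
        if kind in ("jcc", "fall"):
            edges.append(resolve(nxt[lbl]))
        for s in edges:
            if s in preds:
                preds[s] += 1

    out, emitted, work = [], set(), [resolve(entry)]   # listing, placed, pending

    def emit_chain(lbl: str, need_label: bool) -> None:
        while True:
            emitted.add(lbl)
            if need_label:
                out.append(f"{lbl}:")
            instrs = code[lbl]
            kind, tgt = terminator(instrs)
            out.extend(f"  {i}" for i in (instrs if kind == "fall" else instrs[:-1]))
            if kind == "ret":
                out.append(f"  {instrs[-1]}")
                return
            if kind == "jcc":
                t = resolve(tgt)
                out.append(f"  {instrs[-1].split()[0]} {t}")
                if t in code and t not in emitted:
                    work.append(t)            # taken arm is placed later
            follow = resolve(tgt) if kind == "jmp" else resolve(nxt[lbl])
            if not follow:
                return
            if follow not in code or follow in emitted:
                out.append(f"  jmp {follow}")  # back edge or indirect target
                return
            lbl, need_label = follow, preds[follow] >= 2

    while work:
        lbl = work.pop(0)
        if lbl in code and lbl not in emitted:
            emit_chain(lbl, True)
    return out
```

Run on `SPAGHETTI`, it returns the function as it read before scattering: prologue, the argument test, the dereference arm, the shared epilogue under one label, and the null arm jumping back to that epilogue. Two rules do the work: a block reached by exactly one unconditional jump is pasted directly after the block that jumps to it, and a block that is nothing but a direct `jmp` is skipped entirely. Conditional branches, loops and shared tails survive because they are real control flow, and an indirect `jmp eax` is left in place as written since its target cannot be threaded statically.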



What dir should I deploy Rails apps into?

What would be a reasonable and logical directory into which to deploy my production Rails apps on a Linux system?

Some candidates…

/var/rails  <= There's a /var/www so this would be consistent with that 
               pattern. But I.T. guys have complained about stuff in /var 

/home/my_home_dir/rails  <= OK, not /var, but I'm not the only developer. 
                            Seems like it really ought to be a systemwide

/home/rails  <= I don't know. That just seems weird.

/rails  <= Seems even weirder.

What is the least astonishing, most normal thing to do here?

(Background info — a Rails app is a bunch of server-side code written in Ruby along with a public dir containing JavaScript, CSS, and maybe a little HTML. The public dir is mapped to an Apache vhost. Apache handles the Ruby code through a module called Passenger or mod_rails.)

Thanks for the help, all. I think I’m going to go with /opt/deployed_rails_apps. (I like long, expository directory names, and tab completion.) /var/... is also a good place, but I’ve gotten stern grumbling from I.T. when I tried to deploy stuff there. If it were my own machine I might go with /var or /srv.