Artwork

İçerik Security – Software Engineering Daily tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Security – Software Engineering Daily veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

MRuby and Language Security with Daniel Bovensiepen

57:34
 
Paylaş
 

Arşivlenmiş dizi ("Etkin olmayan yayın" status)

When? This feed was archived on July 28, 2022 13:09 (1+ y ago). Last successful fetch was on April 07, 2022 07:18 (2y ago)

Why? Etkin olmayan yayın status. Sunucularımız bir süredir geçerli bir podcast beslemesi alamadı

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 182963500 series 1438211
İçerik Security – Software Engineering Daily tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Security – Software Engineering Daily veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

Shopify is a company that helps customers build custom online storefronts. Shopify has built upon the same Ruby on Rails application since the founding of their business 12 years ago starting with Rails 0.5 and moving all the way to Rails 5.

MRuby is a lightweight implementation of the Ruby language. Shopify made the decision to use mruby to allow customers to create custom scripts that are run every time a customer adds items to their cart. However, since mruby was a language implementation that was not widely used, Shopify opted to post a Bug Bounty to the HackerOne bug bounty platform to find security vulnerabilities in their use of mruby. What followed was a payout of over $500,000 as report after report flooded in of security vulnerabilities inside mruby itself. There was so many reports that Shopify made the decision to sandbox the mruby execution into separate processes and decreased the bounty awards by 90%.

In this episode, Jeremy Jung interviews Daniel Bovensiepen (BOH-ven-see-pen) about mruby and the Shopify bug bounty.

Show Notes

Mruby: http://mruby.org/

The $500,000 release: http://mruby.sh/201703270126.html

HackerOne bounty page: https://hackerone.com/shopify-scripts

American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/

The post MRuby and Language Security with Daniel Bovensiepen appeared first on Software Engineering Daily.

  continue reading

73 bölüm

Artwork
iconPaylaş
 

Arşivlenmiş dizi ("Etkin olmayan yayın" status)

When? This feed was archived on July 28, 2022 13:09 (1+ y ago). Last successful fetch was on April 07, 2022 07:18 (2y ago)

Why? Etkin olmayan yayın status. Sunucularımız bir süredir geçerli bir podcast beslemesi alamadı

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 182963500 series 1438211
İçerik Security – Software Engineering Daily tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Security – Software Engineering Daily veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

Shopify is a company that helps customers build custom online storefronts. Shopify has built upon the same Ruby on Rails application since the founding of their business 12 years ago starting with Rails 0.5 and moving all the way to Rails 5.

MRuby is a lightweight implementation of the Ruby language. Shopify made the decision to use mruby to allow customers to create custom scripts that are run every time a customer adds items to their cart. However, since mruby was a language implementation that was not widely used, Shopify opted to post a Bug Bounty to the HackerOne bug bounty platform to find security vulnerabilities in their use of mruby. What followed was a payout of over $500,000 as report after report flooded in of security vulnerabilities inside mruby itself. There was so many reports that Shopify made the decision to sandbox the mruby execution into separate processes and decreased the bounty awards by 90%.

In this episode, Jeremy Jung interviews Daniel Bovensiepen (BOH-ven-see-pen) about mruby and the Shopify bug bounty.

Show Notes

Mruby: http://mruby.org/

The $500,000 release: http://mruby.sh/201703270126.html

HackerOne bounty page: https://hackerone.com/shopify-scripts

American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/

The post MRuby and Language Security with Daniel Bovensiepen appeared first on Software Engineering Daily.

  continue reading

73 bölüm

Wszystkie odcinki

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi