Greg Molnar is a Ruby Developer and OSCP Penetration Tester. He joins the Rogues to talk about Server-Side Request Forgery in Rails. He begins by explaining what Server-Side Request Forgery is and its significance. They also discuss the state of security in Rails and provide their views on the best ways to secure your applications.

Sponsors

• Chuck's Resume Template
• Raygun - Application Monitoring For Web & Mobile Apps
• Become a Top 1% Dev with a Top End Devs Membership

Links

• Server-Side Request Forgery in Rails
• GitLab fixes serious SSRF flaw that exposed orgs’ internal servers | The Daily Swig
• GitHub - rubysec/bundler-audit: Patch-level verification for Bundler
• GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
• Spektr
•  Heartbleed - Wikipedia
• xkcd: Dependency
• Ghost In The Wires by Kevin Mitnick | Mitnick Security
• Rails SQL Injection examples 
• Securing Rails Applications — Ruby on Rails Guides
•  Burp Suite - Application Security Testing Software - PortSwigger
• Deploying with MRSK | Drifting Ruby

Promoted Links

• This Week in Rails
• The Rails Changelog
• Blob and File APIs
• DocsGPT and adopting OpenAI’s Chat Completions API

Socials

• Greg Molnar
• GitHub: gregmolnar
• Twitter: @GregMolnar

Picks

• Charles - The Crew
• Dave - MM11 Pro Switchable Mic Mute/Talk Professional Microphone Switch | Rolls Corporation - Real Sound
• Valentino - OpenAI’s new model – GPT-4 – GPT-4
• Valentino - This person gives GPT-4 $100 to see how much money it can make – https://twitter.com/jacksonfall/status/1636107218859745286