Posts Tagged ruby
Catch more than half of these issues by testing, auditing and code reviews:
— to learn them before actually using them.
— to learn them before actually learning them the “hard” way in production.
— to take a look at alternatives that implement the feature without regular expressions (or to use the one provided by your stdlib or language).
— if you use regex, understand the risks.
— if you use regex, please write tests for yourself and your coworkers.
— if you use regex, please audit your code (automatically and by human code review).
A presentation on web application security given for lunch.
Too long; didn’t read? Just jump to slide 38.