Boston Ruby Group


November 2014

November 11, 2014

The Soft Underbelly: The Uncommon Attack Vectors You're Not Looking For

by Scott Feinberg

We build web applications, but how do we really know they’re secure? You’re savvy, so you use SSL, bcrypt your passwords, use only key-based authentication, protect your admin passwords and accounts with solid password management, and generally follow the Rails Security Guide. So you’re safe, right? Nope. There’s more. A lot more. In 45 minutes, you’ll be introduced to some of the most common attacks fraudsters and hackers use to break into your site. We’ll discuss some of the consequences of your web application being hacked and how to detect and prevent these attacks.

Go Get a Job

by Sean Kelly

Not all work can be done in-band. At some point, you need to run code asynchronously to better scale your system. There is no shortage of off-the-shelf job systems out there to make this easy, but they all make assumptions or have a certain viewpoint that may not mesh well with your application. Sometimes you need to roll your own, and that isn't always a bad thing. But it's a decision not to be made lightly. In this talk, we'll go over why Tapjoy decided to skip an off-the-shelf solution, build something from scratch to fit their needs, and finally open it up to share with the Ruby community at large. We'll go over the technologies we reviewed, why we settled on something custom, how we scale jobs, and some interesting lessons learned about job systems, monitoring, and bugs in Ruby itself.