MountainWest RubyConf 2014 - Generate Parsers! Prevent Exploits! by Nick Howard

Video: https://www.youtube.com/watch?v=4EwuuSLr2Lk (duration 26:50)


Exploits happen when attackers discover that your application is actually an interpreter for a weird programming language with operators like 'make admin', or 'consume all available memory'. Don't give them access to that kind of computational power! Stop them at the very boundaries of your application's input handling: the parser. By generating parsers tailored to the specific input formats of your app, you can prevent it from becoming a weird interpreter and make it harder to exploit.
When you use a parser specific to your input format, it's not only more secure, it's better specified and definite. When you have a grammar for your inputs, you can give your API consumers better error messages and better documentation based on that grammar.
Using Ruby's metaprogramming superpowers, doing this doesn't have to be a painful process. I've been working on a library called Muskox that aims to make generating parsers almost as simple as using Rails 4's Strong Parameters. Writing code to secure your app's inputs should be easy, fun and fast.
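The "grammar for your inputs" idea above, as an added Ruby example that is not Muskox's code or the talk's own: a schema (hypothetical notation; `USER_SCHEMA`, `parse_user` and `check_user` are assumed names) defines the one JSON input format a "create user" endpoint accepts, so an unexpected `admin` field, oversized bodies and nested structures are rejected at the boundary instead of being interpreted.

```ruby
require 'json'

# Added example, not Muskox's API: the schema is the grammar for one input
# format (a JSON "create user" body). Anything the grammar does not produce
# is rejected at the boundary, so the application never interprets it.
class InputRejected < StandardError; end

# Hypothetical schema notation: field => type and constraints. Only these
# three fields exist in the language; "admin" is not an operator it has.
USER_SCHEMA = {
  'name'  => { type: String,  max_len: 64 },
  'email' => { type: String,  max_len: 254, match: /\A[^@\s]+@[^@\s]+\z/ },
  'age'   => { type: Integer, range: 0..150 }
}.freeze

MAX_BODY_BYTES = 4096 # bound memory before parsing: no "consume all memory"

def parse_user(raw)
  raise InputRejected, 'body too large' if raw.bytesize > MAX_BODY_BYTES
  begin
    # max_nesting: 1 admits only a flat object; nesting is not in the grammar
    data = JSON.parse(raw, max_nesting: 1)
  rescue JSON::ParserError => e # JSON::NestingError is a ParserError
    raise InputRejected, "malformed JSON (#{e.class})"
  end
  raise InputRejected, 'expected a JSON object' unless data.is_a?(Hash)
  unknown = data.keys - USER_SCHEMA.keys
  raise InputRejected, "unknown field(s): #{unknown.join(', ')}" unless unknown.empty?

  USER_SCHEMA.each_with_object({}) do |(field, rule), out|
    raise InputRejected, "missing field: #{field}" unless data.key?(field)
    value = data[field]
    raise InputRejected, "#{field}: wrong type" unless value.is_a?(rule[:type])
    raise InputRejected, "#{field}: too long" if rule[:max_len] && value.length > rule[:max_len]
    raise InputRejected, "#{field}: bad format" if rule[:match] && value !~ rule[:match]
    raise InputRejected, "#{field}: out of range" if rule[:range] && !rule[:range].cover?(value)
    out[field.to_sym] = value
  end
end

# Wrapper returning [:ok, fields] or [:rejected, reason]: the grammar-derived
# reason is what an API consumer gets back as the error message.
def check_user(raw)
  [:ok, parse_user(raw)]
rescue InputRejected => e
  [:rejected, e.message]
end
```

Constructed inputs such as `{"name":"Eve","email":"eve@example.com","age":30,"admin":true}` come back as `[:rejected, "unknown field(s): admin"]`, while a body over 4096 bytes is refused before `JSON.parse` allocates anything.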
