Keep your project in shape #8

Open
gravis opened this Issue Apr 23, 2013 · 2 comments


gravis commented Apr 23, 2013

How to write an insecure / buggy / obsolete rails app in less than 5 minutes?

Developers always focus on their code, and almost never on the ecosystem around their app. Dependencies can quickly make an app vulnerable, because new security holes are discovered every day.

As we can't read all the code of the libraries we're using in our project, it's kind of hard to determine what side effects could be introduced by this or that package.

Last but not least, APIs evolve, and so do packages. Sometimes API versions are deprecated, and if you don't pay attention to that, your app could stop working one day without notice. Even worse, some packages can simply stop being maintained, leaving no choice but to implement a new one.

That's why it's important to keep your projects in shape: the longer you wait to make it up-to-date, the harder it will be. There are some tools out there to achieve this, that every developer should know about:

  • gemnasium (dependencies monitoring, and security alerts on them)
  • rubytoolbox (alternatives)
  • brakeman (security scanner)
  • ...

About me

I'm the founder of Tech-Angels, the company behind https://gemnasium.com, a tool to monitor dependencies in Ruby and Node projects.
https://twitter.com/plafoucriere
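As an added example that is not part of the original thread, here is the core of the check a dependency monitor such as gemnasium automates: parse the resolved gems out of a Gemfile.lock and compare each locked version against an advisory list. The lockfile excerpt, the acme-* gem names and the EXAMPLE-* advisory ids are all constructed for illustration and do not describe real gems or CVEs.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement do the version comparison

# Constructed Gemfile.lock excerpt. Four-space lines under "specs:" are the
# resolved gems; six-space lines are their own dependencies and are skipped.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-auth (1.2.0)
        acme-http (~> 0.9)
      acme-http (0.9.3)
      acme-logger (2.0.1)

  DEPENDENCIES
    acme-auth (= 1.2.0)
    acme-logger
LOCK

# Constructed advisory feed: gem name => first version that contains the fix.
ADVISORIES = {
  "acme-auth" => { "id" => "EXAMPLE-2013-001", "patched" => ">= 1.2.1" },
  "acme-http" => { "id" => "EXAMPLE-2013-002", "patched" => ">= 1.0.0" },
}

# Returns { gem_name => Gem::Version } for every resolved gem in the lockfile.
def locked_gems(lockfile)
  lockfile.each_line.with_object({}) do |line, gems|
    next unless (m = line.match(/\A {4}(\S+) \(([\w.\-]+)\)\s*\z/))
    gems[m[1]] = Gem::Version.new(m[2])
  end
end

# Returns [gem, version, advisory id] for every locked gem whose version
# does not satisfy the advisory's "patched" requirement.
def vulnerable_gems(lockfile, advisories)
  locked_gems(lockfile).each_with_object([]) do |(name, version), found|
    adv = advisories[name]
    next unless adv
    patched = Gem::Requirement.new(adv["patched"])
    found << [name, version.to_s, adv["id"]] unless patched.satisfied_by?(version)
  end
end

# One human-readable line per finding; empty when the lockfile is clean.
def report(lockfile, advisories)
  vulnerable_gems(lockfile, advisories).map do |name, version, id|
    "#{name} #{version} is affected by #{id}; upgrade to #{advisories[name]['patched']}"
  end
end

puts report(LOCKFILE, ADVISORIES)
```

Pointing the same check at a real advisory feed and running it in CI is what turns a one-off audit into the continuous monitoring the talk argues for.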


tigrish commented Apr 23, 2013

Awesome! I'll add you to the lineup this afternoon :)


gravis commented Apr 23, 2013

That's great!!
Thanks

Philippe Lafoucrière - CEO
http://www.tech-angels.com
main : +33 (0) 970 444 643
mobile : +33 (0) 6 72 63 75 40
fax : +33 (0) 9 72 12 78 75

