Blog posts tagged in YAML

YAML and Remote Code Execution

YAML's security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution.

It's Not Just Ruby

A few weeks ago, I had a need to parse Jasmine's jasmine.yml in some C# code. I spent some time looking at existing YAML parsers for .NET and ended up deciding that spending a couple of hours writing a lightweight, purpose-specific parser for jasmine.yml made m...