Security Basics mailing list archives
Re: Pentesting RoR
From: "Flipped Bit" <flippedbit () gmail com>
Date: Wed, 25 Jul 2007 11:31:33 -0500
I recommend becoming familiar with the Rails framework. Since the construction of an application is normalized to a certain format, certain risks are normalized as well. If you read up on REST development, you can also get insight in to safe and unsafe URLs that exist within the Rails framework. On 7/16/07, Mister Dookie <misterdookie () gmail com> wrote:
So a client is setting up a webapp written in Ruby on Rails with a MySQL backend. I do not have much experience with Ruby exploits or SQL injection against Ruby. Can some list members give me some insight or point me in the right direction? I know the new Metasploit is written using Ruby. Does that make it a better pentest platform (just one of the tools) for me? Thanks! Regards, John
Current thread:
- Pentesting RoR Mister Dookie (Jul 16)
- Re: Pentesting RoR Flipped Bit (Jul 25)