Security Basics mailing list archives

Re: Pentesting RoR


From: "Flipped Bit" <flippedbit () gmail com>
Date: Wed, 25 Jul 2007 11:31:33 -0500

I recommend becoming familiar with the Rails framework.  Since the
construction of an application is normalized to a certain format,
certain risks are normalized as well.  If you read up on REST
development, you can also get insight into safe and unsafe URLs that
exist within the Rails framework.

On 7/16/07, Mister Dookie <misterdookie () gmail com> wrote:
So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John


