#HITB2013AMS HITB LAB: Attacking Ruby on Rails Applications - Joernchen (Phenoelit) - cc @joernchen
HITB LAB TITLE: Attacking Ruby on Rails Applications

HITB LAB ABSTRACT: Ruby on Rails (RoR) is an open source web application framework based on the Ruby programming language. RoR has gained much attention in the recent past due to several severe flaws within the framework itself. In this HITB Lab session we will take a closer look at attacking Ruby on Rails applications. Starting with a basic overview of the Rails framework and its security mechanisms, we continue with common developer pitfalls and a look at both general web application flaws and RoR-specific issues. Along with this, some interesting security aspects of the framework itself will be elaborated, including the recent Remote Code Execution bugs as well as some extensions of these flaws. All in all, attendees can expect a code-centric walk-through of Ruby on Rails with a strong focus on the security mech...