Re: Pentesting RoR



I recommend becoming familiar with the Rails framework. Since the
construction of an application is normalized to a certain format,
certain risks are normalized as well. If you read up on REST
development, you can also get insight into safe and unsafe URLs that
exist within the Rails framework.

On 7/16/07, Mister Dookie <misterdookie@xxxxxxxxx> wrote:
So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John



