Joernchen (Phenoelit)

HITB LAB TITLE:  Attacking Ruby on Rails Applications

HITB LAB ABSTRACT:

Ruby on Rails (RoR) is an open source web application framework based on the Ruby programming language. RoR has gained much attention in the recent past due to several severe flaws within the framework itself.

In this HITB Lab session we will take a closer look at attacking Ruby on Rails applications. Starting with a basic overview of the Rails framework and its security mechanisms, we continue with common developer pitfalls and a look at both general web application flaws as well as RoR specific issues.  Along with this, some interesting security aspects of the framework itself will be elaborated including the recent Remote Code Execution bugs as well as some extensions of these flaws.

All in all, attendees can expect a code centric walk-through of Ruby on Rails with a strong focus on the security mechanisms and its faults. Participants in this session should come with laptops already installed with Burp Suite, curl and Ruby.

ABOUT JOERNCHEN

joernchen likes to read. His main points of interest are in enjoying the reading of other people’s source code, as well as the inspection of interesting binary data in order to extend given systems functionality to unexpected limits. Main area of his research in the last couple of years were typical Ruby on Rails application flaws as well as issues within the framework itself.