Exploit your Rails application with MetaSploit

Last month we published an article on Static Security Analysis of your Ruby and Rails applications, but what about the other side of the coin: live application scanning and exploitation?

MetaSploit is a very popular tool for doing both good and evil. It is a penetration testing framework for finding insecure systems, and also an exploit delivery mechanism for those who might not have the best intentions at heart. Either way, it is a powerful tool that we can use to check our own servers and applications for known, exploitable security issues (hopefully before others beat us to it)!


One weird trick to keep your Rails application away from prying eyes during development.

Hackers HATE it.

Have you ever stopped to consider that running

rails server

in development mode is a security risk?

Let’s say you are grooving on some Rails code in a coffee shop or co-working space and fire up rails server, as you do.

Whoa buddy, put the brakes on! By default the development server listens on every network interface (0.0.0.0), not just localhost, so anyone on that network can now potentially see what you are doing, or even interfere with your dev process, simply by visiting your computer’s IP address on port 3000 with a web browser.
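As an added example (not code from the original post), the Ruby script below makes that default concrete: it binds one throwaway socket to every interface, the way rails server did by default at the time, and one to loopback only, then checks which of the two a neighbour on the same network could reach. The LAN address lookup is an assumption about the machine it runs on; if the machine has no non-loopback address that check is skipped. The fix is an explicit bind address, rails server -b 127.0.0.1 (Rails 4.2 and later default to localhost).

```ruby
require 'socket'

# Added example, not part of the original post. Wildcard bind (0.0.0.0) is
# what `rails server` did by default; loopback bind (127.0.0.1) is what
# `rails server -b 127.0.0.1` gives you. Port 0 lets the OS pick a free port.

# True when the socket is bound to the wildcard address, i.e. reachable on
# every interface the machine has, including the coffee-shop Wi-Fi.
def exposed_to_network?(server)
  ip = server.addr[3] # addr => ["AF_INET", port, hostname, ip]
  ip == '0.0.0.0' || ip == '::'
end

# A non-loopback IPv4 address of this machine: what someone else on the same
# network would type into their browser. nil if there is none (assumed
# possible in an offline or sandboxed run; that check is then skipped).
def lan_address
  Socket.ip_address_list.find { |a| a.ipv4? && !a.ipv4_loopback? }&.ip_address
end

# Attempt a TCP connection; true if the handshake completes, false if refused
# or unreachable. A listening socket completes the handshake before accept().
def reachable?(ip, port)
  TCPSocket.new(ip, port).close
  true
rescue SystemCallError
  false
end

def bind_demo
  wildcard = TCPServer.new('0.0.0.0', 0)   # the risky default
  loopback = TCPServer.new('127.0.0.1', 0) # rails server -b 127.0.0.1
  result = {
    wildcard_exposed: exposed_to_network?(wildcard),
    loopback_exposed: exposed_to_network?(loopback),
    # Both answer from the machine itself...
    local_to_wildcard: reachable?('127.0.0.1', wildcard.addr[1]),
    local_to_loopback: reachable?('127.0.0.1', loopback.addr[1]),
  }
  if (lan = lan_address)
    # ...but only the wildcard bind answers on the LAN address.
    result[:lan_to_wildcard] = reachable?(lan, wildcard.addr[1])
    result[:lan_to_loopback] = reachable?(lan, loopback.addr[1])
  end
  result
ensure
  wildcard&.close
  loopback&.close
end

if $PROGRAM_NAME == __FILE__
  bind_demo.each { |key, value| puts "#{key}: #{value}" }
end
```

On a laptop with a Wi-Fi address, lan_to_wildcard comes back true and lan_to_loopback false: the loopback-bound socket refuses the connection that the wildcard-bound one accepts.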


Static Security Analysis of your Ruby and Rails Applications

The Ruby community is blessed with a number of great tools that look over your code and report back with actionable things you can do to secure your application against internet threats.

The tools we are looking at in this post use a technique called Static Analysis, which means the tool doesn’t actually run your code. Instead it looks for dangerous patterns, such as request params being interpolated into a string that is passed to your database in an unsafe way, even when that string is stored in another variable first.

This is a great way to get visibility into the security threats hiding in your application.

Let’s talk about a few of them.


Rails Training: Prices SLASHED!

Lock me up. I'm a SLASHER! A slasher... OF PRICES!

Call me Simon Skinner¹. We really should be locked up for offering seven days of immersive training for $1999. And for that price you get not one Dave, but two.

Whether you’re a first-time programmer, a seasoned developer on another platform, or you’ve decided to train your existing employees (recruiting isn’t always easy), this course is just the thing.

Instructors Dave Strus and David Jones of Fretless

Terrified at the very idea of learning to program? We know you can do it. Take 15 minutes, and give Try Ruby a shot. Not so bad, right? This course is for you.

Join us as we build three complete web apps at Eleven Fifty Coding Academy, in the mansion of Eleven Fifty co-founder Scott Jones. At this price (ABSURD, I tell you!), now is the perfect time to learn to program in Ruby. Class runs November 8-14, 2014.


  1. Timothy Dalton’s character from Edgar Wright’s masterpiece Hot Fuzz
