Exploit your Rails application with MetaSploit

Last month, we published an article on Static Security Analysis of your Ruby and Rails applications, but what about the other side of the coin, live application scanning and exploitation?

MetaSploit is a very popular tool for doing both good and evil. It is a penetration-testing framework for probing insecure systems and also an exploit delivery mechanism for those who might not have the best intentions at heart. However, it is a powerful tool that we can use to check our own servers and applications for known exploitable security issues (hopefully before others beat us to it)!

One weird trick to keep your Rails application away from prying eyes during development.

Have you ever stopped to consider that running

rails server

in development mode is a security risk?

Let’s say you are grooving on some Rails code in a coffee shop or co-working space and fire up rails server, as you do.

Whoa buddy, put the brakes on! Anyone on that network can now potentially see what you are doing, or even interfere with your dev process, simply by visiting your computer’s IP address with a web browser.
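The exposure described above comes down to which address the dev server listens on: a server bound to 127.0.0.1 (or ::1) is reachable only from your own machine, while one bound to 0.0.0.0 or :: answers to everyone on the coffee-shop network. Older Rails versions bound to 0.0.0.0 by default (Rails 4.2 switched the default to localhost), and `rails server -b 127.0.0.1` forces the safe binding on any version. The following is an added example, not code from the original post: a small Ruby check that reads the output of Linux `ss -ltnp` (a constructed sample is embedded inline so it runs offline) and reports every listener that is not loopback-only, with the `-b 127.0.0.1` remediation for anything that looks like a Rails dev server on port 3000. The sample process names, pids and ports are assumptions made up for the example.

```ruby
require "ipaddr"

# Constructed sample in the shape of `ss -ltnp` on Linux (not real output).
SAMPLE_SS_OUTPUT = <<~SS
  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
  LISTEN  0       128     0.0.0.0:3000         0.0.0.0:*          users:(("ruby",pid=4242,fd=8))
  LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=800,fd=5))
  LISTEN  0       128     [::1]:3001           [::]:*             users:(("ruby",pid=4300,fd=8))
  LISTEN  0       128     [::]:8080            [::]:*             users:(("node",pid=900,fd=20))
SS

LOOPBACK_V4 = IPAddr.new("127.0.0.0/8")
LOOPBACK_V6 = IPAddr.new("::1")

# True when a socket bound to +address+ can only be reached from this host.
# Anything unparsable is treated as NOT safe, so a garbled line is still reported.
def loopback_only?(address)
  ip = IPAddr.new(address)
  ip.ipv4? ? LOOPBACK_V4.include?(ip) : ip == LOOPBACK_V6
rescue IPAddr::InvalidAddressError
  false
end

# Split an ss-style "Local Address:Port" column into [address, port].
# Handles "0.0.0.0:3000", "127.0.0.1:5432" and bracketed IPv6 such as "[::1]:3001".
def split_address_port(field)
  if (m = field.match(/\A\[(.+)\]:(\d+)\z/))
    [m[1], m[2].to_i]
  else
    addr, _sep, port = field.rpartition(":")
    [addr, port.to_i]
  end
end

# Return one hash per LISTEN socket that is reachable from other hosts.
def exposed_listeners(ss_output)
  ss_output.lines.drop(1).map do |line|       # drop the header row
    cols = line.split
    next unless cols[0] == "LISTEN"
    addr, port = split_address_port(cols[3])
    next if loopback_only?(addr)
    process = cols[5].to_s[/"([^"]+)"/, 1]     # first process name in users:((...))
    { address: addr, port: port, process: process }
  end.compact
end

# Human-readable findings; a ruby process on 3000 gets the Rails-specific fix.
def report(ss_output)
  exposed_listeners(ss_output).map do |l|
    msg = "#{l[:process] || 'unknown'} is listening on #{l[:address]}:#{l[:port]} (reachable from the network)"
    msg += " -> restart it with: rails server -b 127.0.0.1 -p 3000" if l[:process] == "ruby" && l[:port] == 3000
    msg
  end
end

if $PROGRAM_NAME == __FILE__
  # Stand-alone run against the constructed sample; on a real machine you would
  # feed it `ss -ltnp` output instead, e.g. report(`ss -ltnp`).
  report(SAMPLE_SS_OUTPUT).each { |line| puts line }
end
```

The check deliberately treats only 127.0.0.0/8 and ::1 as safe; a wildcard bind, a LAN address, or anything it cannot parse all end up in the report, which is the conservative default you want when deciding whether to keep working on an untrusted network.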

