Materials from "Gaps in the Magic: Exploiting Security Edge Cases in Rails"
Presentation Slides
Download "EdgeCasesInRailsSecurity.pdf"
Workshop Applications
| Application | Description | Repository |
|---|---|---|
| Rails SQLi Workbook | A multi-tenant Rails application that allows users to explore Active Record methods vulnerable to SQLi. | https://github.com/Meristem-Infosec/rails-sqli-workbook |
| Marshal Bank | A Rails application that mimics the account registration process of a bank. It is vulnerable to unmarshalling attacks. | https://github.com/Meristem-Infosec/MarshalBank |