Materials from "Gaps in the Magic: Exploiting Security Edge Cases in Rails"


Presentation Slides

Download "EdgeCasesInRailsSecurity.pdf"

Workshop Applications

Rails SQLi Workbook
A multi-tenant Rails application that allows users to explore Active Record methods vulnerable to SQLi.
Marshal Bank
A Rails application that mimics the account registration process of a bank. It is vulnerable to unmarshalling attacks.