Materials from "Gaps in the Magic: Exploiting Security Edge Cases in Rails"

Presentation Slides

Download "EdgeCasesInRailsSecurity.pdf"

Workshop Applications

Rails SQLi Workbook
A multi-tenant Rails application that lets users explore Active Record methods that are vulnerable to SQL injection (SQLi). https://github.com/Meristem-Infosec/rails-sqli-workbook
Marshal Bank
A Rails application that mimics the account registration process of a bank. It is vulnerable to unmarshalling (insecure deserialization) attacks. https://github.com/Meristem-Infosec/MarshalBank