Pentesting RoR

From: Mister Dookie (misterdookie@gmail.com)
Date: Mon Jul 16 2007 - 22:32:53 EDT

• Next message: rajat swarup: "Re: Wireless assessment"
• Previous message: Roland Dobbins: "Re: Skype use obligation - Security x Productivity"
• Next in thread: hwertz@avalon.net: "Re: Pentesting RoR"
• Maybe reply: hwertz@avalon.net: "Re: Pentesting RoR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

• Next message: rajat swarup: "Re: Wireless assessment"
• Previous message: Roland Dobbins: "Re: Skype use obligation - Security x Productivity"
• Next in thread: hwertz@avalon.net: "Re: Pentesting RoR"
• Maybe reply: hwertz@avalon.net: "Re: Pentesting RoR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT