De-Railing: Smashing the Rails Stack
Location: Portland Ballroom 255
Audience level: Intermediate
This talk is intended to help the professional Rails developer. It will give guidance on the do-nots while coding a Rails app as well as the do-nots when setting up a server and choosing the surrounding stack. After the talk there will be a brief demo of what improperly written code can do when in the hands of an attacker. Don’t let yourself make mistakes when people’s livelihood is on the line. Rails isn’t a toy and we shouldn’t treat it as one. It’s time to start getting serious about security on Rails!
Aaron is a developer for Relevance, LLC in Chapel Hill, North Carolina. He is a very active member of both the open source and information security communities. Aaron is also involved with the Metasploit Framework, a very large Ruby codebase that provides security researchers the necessary tools to prove new exploits as well as test for existing vulnerabilities. Most of Aaron’s background comes from researching patterns in software development and proper techniques behind design and development. Aaron has worked with a number of Fortune 500 companies around the country, performing both software architecture services and advanced hacking and penetration testing services.